################################################################
# abuse.ch URLhaus IDS ruleset (Snort / Suricata)              #
# Last updated: 2024-07-27 01:53:22 (UTC)                      #
#                                                              #
# Terms Of Use: https://urlhaus.abuse.ch/api/                  #
# For questions please contact urlhaus [at] abuse.ch           #
################################################################
#
# url
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.220.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072460/; classtype:trojan-activity;sid:83935560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.41.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072459/; classtype:trojan-activity;sid:83935559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.105.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072458/; classtype:trojan-activity;sid:83935558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072457/; classtype:trojan-activity;sid:83935557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.51.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072456/; classtype:trojan-activity;sid:83935556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.171.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072455/; classtype:trojan-activity;sid:83935555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.104.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072454/; classtype:trojan-activity;sid:83935554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.55.22.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072453/; classtype:trojan-activity;sid:83935553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.153.109.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072452/; classtype:trojan-activity;sid:83935552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.141.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072451/; classtype:trojan-activity;sid:83935551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.137.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072448/; classtype:trojan-activity;sid:83935548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072449/; classtype:trojan-activity;sid:83935549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.135.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072450/; classtype:trojan-activity;sid:83935550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.123.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072447/; classtype:trojan-activity;sid:83935547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.90.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072446/; classtype:trojan-activity;sid:83935546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.74.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072445/; classtype:trojan-activity;sid:83935545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.18.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072443/; classtype:trojan-activity;sid:83935543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072442/; classtype:trojan-activity;sid:83935542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.250.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072441/; classtype:trojan-activity;sid:83935541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.128.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072439/; classtype:trojan-activity;sid:83935539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.92.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072440/; classtype:trojan-activity;sid:83935540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.148.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072438/; classtype:trojan-activity;sid:83935538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072437/; classtype:trojan-activity;sid:83935537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.241.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072436/; classtype:trojan-activity;sid:83935536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.82.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072435/; classtype:trojan-activity;sid:83935535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.172.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072434/; classtype:trojan-activity;sid:83935534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072433/; classtype:trojan-activity;sid:83935533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072432/; classtype:trojan-activity;sid:83935532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.203.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072431/; classtype:trojan-activity;sid:83935531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072430/; classtype:trojan-activity;sid:83935530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.137.195.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072429/; classtype:trojan-activity;sid:83935529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.13.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072428/; classtype:trojan-activity;sid:83935528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.117.183.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072427/; classtype:trojan-activity;sid:83935527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.237.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072426/; classtype:trojan-activity;sid:83935526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.74.109.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072425/; classtype:trojan-activity;sid:83935525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.42.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072424/; classtype:trojan-activity;sid:83935524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.255.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072423/; classtype:trojan-activity;sid:83935523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.82.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072422/; classtype:trojan-activity;sid:83935522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072421/; classtype:trojan-activity;sid:83935521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.185.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072420/; classtype:trojan-activity;sid:83935520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.4.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072419/; classtype:trojan-activity;sid:83935519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.230.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072418/; classtype:trojan-activity;sid:83935518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072417/; classtype:trojan-activity;sid:83935517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.41.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072416/; classtype:trojan-activity;sid:83935516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.250.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072415/; classtype:trojan-activity;sid:83935515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072414/; classtype:trojan-activity;sid:83935514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.46.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072413/; classtype:trojan-activity;sid:83935513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.212.54.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072411/; classtype:trojan-activity;sid:83935511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.110.69.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072412/; classtype:trojan-activity;sid:83935512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.255.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072410/; classtype:trojan-activity;sid:83935510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.14.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072409/; classtype:trojan-activity;sid:83935509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.128.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072406/; classtype:trojan-activity;sid:83935506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.19.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072407/; classtype:trojan-activity;sid:83935507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.125.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072408/; classtype:trojan-activity;sid:83935508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072404/; classtype:trojan-activity;sid:83935504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072403)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072403/; classtype:trojan-activity;sid:83935503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072402)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072402/; classtype:trojan-activity;sid:83935502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.147.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072400/; classtype:trojan-activity;sid:83935500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072401/; classtype:trojan-activity;sid:83935501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072396)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072396/; classtype:trojan-activity;sid:83935496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072397)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072397/; classtype:trojan-activity;sid:83935497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072398)"; flow:established,from_client; content:"GET"; http_method; content:"/dc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072398/; classtype:trojan-activity;sid:83935498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072399)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072399/; classtype:trojan-activity;sid:83935499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.148.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072395/; classtype:trojan-activity;sid:83935495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072386)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072386/; classtype:trojan-activity;sid:83935486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072387)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072387/; classtype:trojan-activity;sid:83935487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072388)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072388/; classtype:trojan-activity;sid:83935488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072389)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072389/; classtype:trojan-activity;sid:83935489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072390)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072390/; classtype:trojan-activity;sid:83935490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072391)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072391/; classtype:trojan-activity;sid:83935491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072392)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072392/; classtype:trojan-activity;sid:83935492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.204.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072393/; classtype:trojan-activity;sid:83935493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.92.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072394/; classtype:trojan-activity;sid:83935494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.172.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072385/; classtype:trojan-activity;sid:83935485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.213.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072384/; classtype:trojan-activity;sid:83935484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072383/; classtype:trojan-activity;sid:83935483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072382)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.172.114.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072382/; classtype:trojan-activity;sid:83935482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072381/; classtype:trojan-activity;sid:83935481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072380/; classtype:trojan-activity;sid:83935480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.28.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072379/; classtype:trojan-activity;sid:83935479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.227.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072378/; classtype:trojan-activity;sid:83935478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.6.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072377/; classtype:trojan-activity;sid:83935477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.223.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072376/; classtype:trojan-activity;sid:83935476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072375/; classtype:trojan-activity;sid:83935475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072374/; classtype:trojan-activity;sid:83935474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.157.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072373/; classtype:trojan-activity;sid:83935473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.10.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072371/; classtype:trojan-activity;sid:83935471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.118.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072370/; classtype:trojan-activity;sid:83935470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.185.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072369/; classtype:trojan-activity;sid:83935469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.230.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072368/; classtype:trojan-activity;sid:83935468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.125.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072366/; classtype:trojan-activity;sid:83935466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.154.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072365/; classtype:trojan-activity;sid:83935465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072364/; classtype:trojan-activity;sid:83935464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.140.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072363/; classtype:trojan-activity;sid:83935463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072362/; classtype:trojan-activity;sid:83935462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.125.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072361/; classtype:trojan-activity;sid:83935461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.142.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072360/; classtype:trojan-activity;sid:83935460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072359/; classtype:trojan-activity;sid:83935459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.222.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072358/; classtype:trojan-activity;sid:83935458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.224.137.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072357/; classtype:trojan-activity;sid:83935457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.13.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072356/; classtype:trojan-activity;sid:83935456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.65.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072355/; classtype:trojan-activity;sid:83935455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.88.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072354/; classtype:trojan-activity;sid:83935454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072353/; classtype:trojan-activity;sid:83935453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.62.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072352/; classtype:trojan-activity;sid:83935452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.64.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072351/; classtype:trojan-activity;sid:83935451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.193.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072350/; classtype:trojan-activity;sid:83935450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.121.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072349/; classtype:trojan-activity;sid:83935449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.49.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072346/; classtype:trojan-activity;sid:83935446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.1.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072347/; classtype:trojan-activity;sid:83935447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072348/; classtype:trojan-activity;sid:83935448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.227.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072344/; classtype:trojan-activity;sid:83935444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072343/; classtype:trojan-activity;sid:83935443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072341/; classtype:trojan-activity;sid:83935441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072342/; classtype:trojan-activity;sid:83935442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072339)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/22per.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"megasena777.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072339/; classtype:trojan-activity;sid:83935439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072340)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/22per.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"megasena777.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072340/; classtype:trojan-activity;sid:83935440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.169.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072338/; classtype:trojan-activity;sid:83935438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.38.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072337/; classtype:trojan-activity;sid:83935437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.118.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072336/; classtype:trojan-activity;sid:83935436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.19.50.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072335/; classtype:trojan-activity;sid:83935435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072334/; classtype:trojan-activity;sid:83935434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.125.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072331/; classtype:trojan-activity;sid:83935431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.11.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072329/; classtype:trojan-activity;sid:83935429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.221.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072328/; classtype:trojan-activity;sid:83935428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.19.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072327/; classtype:trojan-activity;sid:83935427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.241.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072326/; classtype:trojan-activity;sid:83935426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.110.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072325/; classtype:trojan-activity;sid:83935425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072322/; classtype:trojan-activity;sid:83935422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.137.193.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072321/; classtype:trojan-activity;sid:83935421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.205.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072320/; classtype:trojan-activity;sid:83935420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072319/; classtype:trojan-activity;sid:83935419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.25.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072317/; classtype:trojan-activity;sid:83935417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.159.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072316/; classtype:trojan-activity;sid:83935416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.159.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072315/; classtype:trojan-activity;sid:83935415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.0.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072314/; classtype:trojan-activity;sid:83935414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.65.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072313/; classtype:trojan-activity;sid:83935413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.89.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072312/; classtype:trojan-activity;sid:83935412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.49.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072311/; classtype:trojan-activity;sid:83935411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.121.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072310/; classtype:trojan-activity;sid:83935410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072308/; classtype:trojan-activity;sid:83935408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.35.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072309/; classtype:trojan-activity;sid:83935409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072306/; classtype:trojan-activity;sid:83935406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.172.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072305/; classtype:trojan-activity;sid:83935405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.94.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072304/; classtype:trojan-activity;sid:83935404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.26.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072303/; classtype:trojan-activity;sid:83935403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072302/; classtype:trojan-activity;sid:83935402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.169.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072301/; classtype:trojan-activity;sid:83935401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.7.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072298/; classtype:trojan-activity;sid:83935398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.182.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072297/; classtype:trojan-activity;sid:83935397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.110.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072296/; classtype:trojan-activity;sid:83935396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.19.50.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072295/; classtype:trojan-activity;sid:83935395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072294/; classtype:trojan-activity;sid:83935394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.10.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072293/; classtype:trojan-activity;sid:83935393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.194.107.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072292/; classtype:trojan-activity;sid:83935392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.11.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072291/; classtype:trojan-activity;sid:83935391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.235.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072290/; classtype:trojan-activity;sid:83935390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.159.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072289/; classtype:trojan-activity;sid:83935389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.62.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072287/; classtype:trojan-activity;sid:83935387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.48.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072288/; classtype:trojan-activity;sid:83935388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.159.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072286/; classtype:trojan-activity;sid:83935386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.25.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072285/; classtype:trojan-activity;sid:83935385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.162.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072284/; classtype:trojan-activity;sid:83935384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.1.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072283/; classtype:trojan-activity;sid:83935383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072282/; classtype:trojan-activity;sid:83935382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.236.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072281/; classtype:trojan-activity;sid:83935381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072280/; classtype:trojan-activity;sid:83935380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.68.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072279/; classtype:trojan-activity;sid:83935379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.89.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072278/; classtype:trojan-activity;sid:83935378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.225.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072276/; classtype:trojan-activity;sid:83935376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.228.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072277/; classtype:trojan-activity;sid:83935377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.35.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072275/; classtype:trojan-activity;sid:83935375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072273)"; flow:established,from_client; content:"GET"; http_method; content:"/swagodi.doc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"meridianresourcellc.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072273/; classtype:trojan-activity;sid:83935373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072274)"; flow:established,from_client; content:"GET"; http_method; content:"/swagodi.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"meridianresourcellc.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072274/; classtype:trojan-activity;sid:83935374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072272/; classtype:trojan-activity;sid:83935372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072271/; classtype:trojan-activity;sid:83935371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.218.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072270/; classtype:trojan-activity;sid:83935370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.20.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072269/; classtype:trojan-activity;sid:83935369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.30.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072268/; classtype:trojan-activity;sid:83935368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.151.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072267/; classtype:trojan-activity;sid:83935367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.249.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072266/; classtype:trojan-activity;sid:83935366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.168.88.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072265/; classtype:trojan-activity;sid:83935365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.62.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072264/; classtype:trojan-activity;sid:83935364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.225.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072263/; classtype:trojan-activity;sid:83935363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.81.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072262/; classtype:trojan-activity;sid:83935362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.48.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072260/; classtype:trojan-activity;sid:83935360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072261/; classtype:trojan-activity;sid:83935361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.68.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072259/; classtype:trojan-activity;sid:83935359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.132.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072258/; classtype:trojan-activity;sid:83935358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.225.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072257/; classtype:trojan-activity;sid:83935357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.169.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072256/; classtype:trojan-activity;sid:83935356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072255/; classtype:trojan-activity;sid:83935355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072253/; classtype:trojan-activity;sid:83935353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.73.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072254/; classtype:trojan-activity;sid:83935354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.87.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072252/; classtype:trojan-activity;sid:83935352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.53.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072251/; classtype:trojan-activity;sid:83935351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.63.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072250/; classtype:trojan-activity;sid:83935350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.22.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072248/; classtype:trojan-activity;sid:83935348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.90.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072249/; classtype:trojan-activity;sid:83935349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072247/; classtype:trojan-activity;sid:83935347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.251.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072246/; classtype:trojan-activity;sid:83935346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.158.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072245/; classtype:trojan-activity;sid:83935345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.30.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072244/; classtype:trojan-activity;sid:83935344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.143.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072243/; classtype:trojan-activity;sid:83935343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072242/; classtype:trojan-activity;sid:83935342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.169.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072241/; classtype:trojan-activity;sid:83935341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.109.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072240/; classtype:trojan-activity;sid:83935340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.40.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072239/; classtype:trojan-activity;sid:83935339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.44.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072238/; classtype:trojan-activity;sid:83935338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072236/; classtype:trojan-activity;sid:83935336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.109.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072237/; classtype:trojan-activity;sid:83935337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.103.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072235/; classtype:trojan-activity;sid:83935335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.219.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072234/; classtype:trojan-activity;sid:83935334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.90.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072233/; classtype:trojan-activity;sid:83935333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.73.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072232/; classtype:trojan-activity;sid:83935332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.143.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072231/; classtype:trojan-activity;sid:83935331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.199.110.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072230/; classtype:trojan-activity;sid:83935330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.212.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072229/; classtype:trojan-activity;sid:83935329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072228/; classtype:trojan-activity;sid:83935328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.25.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072227/; classtype:trojan-activity;sid:83935327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.251.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072226/; classtype:trojan-activity;sid:83935326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.158.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072225/; classtype:trojan-activity;sid:83935325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072224/; classtype:trojan-activity;sid:83935324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.104.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072223/; classtype:trojan-activity;sid:83935323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.199.110.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072222/; classtype:trojan-activity;sid:83935322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.95.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072221/; classtype:trojan-activity;sid:83935321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.108.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072220/; classtype:trojan-activity;sid:83935320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.26.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072219/; classtype:trojan-activity;sid:83935319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.108.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072218/; classtype:trojan-activity;sid:83935318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.41.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072217/; classtype:trojan-activity;sid:83935317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.2.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072215/; classtype:trojan-activity;sid:83935315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.238.206.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072216/; classtype:trojan-activity;sid:83935316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072214/; classtype:trojan-activity;sid:83935314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.109.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072213/; classtype:trojan-activity;sid:83935313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.240.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072212/; classtype:trojan-activity;sid:83935312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.114.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072211/; classtype:trojan-activity;sid:83935311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.88.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072209/; classtype:trojan-activity;sid:83935309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.61.6.224"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072210/; classtype:trojan-activity;sid:83935310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.113.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072208/; classtype:trojan-activity;sid:83935308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.222.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072207/; classtype:trojan-activity;sid:83935307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.135.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072206/; classtype:trojan-activity;sid:83935306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072205/; classtype:trojan-activity;sid:83935305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.22.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072203/; classtype:trojan-activity;sid:83935303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.227.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072204/; classtype:trojan-activity;sid:83935304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.220.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072202/; classtype:trojan-activity;sid:83935302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072201/; classtype:trojan-activity;sid:83935301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.182.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072200/; classtype:trojan-activity;sid:83935300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.208.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072199/; classtype:trojan-activity;sid:83935299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.108.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072198/; classtype:trojan-activity;sid:83935298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.41.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072197/; classtype:trojan-activity;sid:83935297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072196/; classtype:trojan-activity;sid:83935296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.111.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072195/; classtype:trojan-activity;sid:83935295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.180.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072193/; classtype:trojan-activity;sid:83935293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.37.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072194/; classtype:trojan-activity;sid:83935294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.114.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072192/; classtype:trojan-activity;sid:83935292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.113.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072191/; classtype:trojan-activity;sid:83935291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.118.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072190/; classtype:trojan-activity;sid:83935290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.139.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072188/; classtype:trojan-activity;sid:83935288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.12.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072189/; classtype:trojan-activity;sid:83935289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072187/; classtype:trojan-activity;sid:83935287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.238.206.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072186/; classtype:trojan-activity;sid:83935286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072185/; classtype:trojan-activity;sid:83935285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.131.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072184/; classtype:trojan-activity;sid:83935284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.95.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072183/; classtype:trojan-activity;sid:83935283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072182/; classtype:trojan-activity;sid:83935282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.2.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072181/; classtype:trojan-activity;sid:83935281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.68.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072180/; classtype:trojan-activity;sid:83935280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.245.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072179/; classtype:trojan-activity;sid:83935279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.184.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072178/; classtype:trojan-activity;sid:83935278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.62.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072176/; classtype:trojan-activity;sid:83935276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.246.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072177/; classtype:trojan-activity;sid:83935277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.240.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072175/; classtype:trojan-activity;sid:83935275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072173/; classtype:trojan-activity;sid:83935273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.27.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072174/; classtype:trojan-activity;sid:83935274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.114.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072172/; classtype:trojan-activity;sid:83935272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.227.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072171/; classtype:trojan-activity;sid:83935271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.22.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072170/; classtype:trojan-activity;sid:83935270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.22.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072169/; classtype:trojan-activity;sid:83935269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.109.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072168/; classtype:trojan-activity;sid:83935268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072167/; classtype:trojan-activity;sid:83935267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072166/; classtype:trojan-activity;sid:83935266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.113.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072165/; classtype:trojan-activity;sid:83935265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.220.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072164/; classtype:trojan-activity;sid:83935264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072163/; classtype:trojan-activity;sid:83935263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.182.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072162/; classtype:trojan-activity;sid:83935262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.45.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072161/; classtype:trojan-activity;sid:83935261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.83.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072160/; classtype:trojan-activity;sid:83935260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.243.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072159/; classtype:trojan-activity;sid:83935259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072158)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072158/; classtype:trojan-activity;sid:83935258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072157/; classtype:trojan-activity;sid:83935257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072156)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072156/; classtype:trojan-activity;sid:83935256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072155)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072155/; classtype:trojan-activity;sid:83935255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072154/; classtype:trojan-activity;sid:83935254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072153/; classtype:trojan-activity;sid:83935253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072151/; classtype:trojan-activity;sid:83935251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072152)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072152/; classtype:trojan-activity;sid:83935252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072150)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072150/; classtype:trojan-activity;sid:83935250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072149)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1%20(2).apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"168.76.20.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072149/; classtype:trojan-activity;sid:83935249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.220.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072148/; classtype:trojan-activity;sid:83935248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.95.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072147/; classtype:trojan-activity;sid:83935247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.139.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072145/; classtype:trojan-activity;sid:83935245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072146/; classtype:trojan-activity;sid:83935246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.12.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072144/; classtype:trojan-activity;sid:83935244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.245.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072142/; classtype:trojan-activity;sid:83935242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.235.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072143/; classtype:trojan-activity;sid:83935243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.131.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072141/; classtype:trojan-activity;sid:83935241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.79.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072140/; classtype:trojan-activity;sid:83935240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.5.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072139/; classtype:trojan-activity;sid:83935239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.90.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072138/; classtype:trojan-activity;sid:83935238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072137/; classtype:trojan-activity;sid:83935237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.148.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072135/; classtype:trojan-activity;sid:83935235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072136/; classtype:trojan-activity;sid:83935236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.218.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072134/; classtype:trojan-activity;sid:83935234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.200.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072132/; classtype:trojan-activity;sid:83935232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.89.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072133/; classtype:trojan-activity;sid:83935233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072131/; classtype:trojan-activity;sid:83935231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.45.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072129/; classtype:trojan-activity;sid:83935229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.87.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072130/; classtype:trojan-activity;sid:83935230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.176.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072128/; classtype:trojan-activity;sid:83935228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.215.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072127/; classtype:trojan-activity;sid:83935227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.208.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072126/; classtype:trojan-activity;sid:83935226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.92.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072125/; classtype:trojan-activity;sid:83935225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.196.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072124/; classtype:trojan-activity;sid:83935224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072123/; classtype:trojan-activity;sid:83935223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.237.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072122/; classtype:trojan-activity;sid:83935222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072120/; classtype:trojan-activity;sid:83935220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072121/; classtype:trojan-activity;sid:83935221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.135.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072119/; classtype:trojan-activity;sid:83935219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.104.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072118/; classtype:trojan-activity;sid:83935218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.249.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072115/; classtype:trojan-activity;sid:83935215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.6.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072116/; classtype:trojan-activity;sid:83935216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.246.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072117/; classtype:trojan-activity;sid:83935217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.178.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072114/; classtype:trojan-activity;sid:83935214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.128.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072113/; classtype:trojan-activity;sid:83935213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.176.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072112/; classtype:trojan-activity;sid:83935212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.79.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072111/; classtype:trojan-activity;sid:83935211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.44.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072110/; classtype:trojan-activity;sid:83935210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.5.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072109/; classtype:trojan-activity;sid:83935209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.17.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072108/; classtype:trojan-activity;sid:83935208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.159.232.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072107/; classtype:trojan-activity;sid:83935207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.90.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072106/; classtype:trojan-activity;sid:83935206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.200.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072105/; classtype:trojan-activity;sid:83935205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.247.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072104/; classtype:trojan-activity;sid:83935204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.218.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072103/; classtype:trojan-activity;sid:83935203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.248.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072100/; classtype:trojan-activity;sid:83935200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072101/; classtype:trojan-activity;sid:83935201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072102/; classtype:trojan-activity;sid:83935202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072099/; classtype:trojan-activity;sid:83935199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.100.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072098/; classtype:trojan-activity;sid:83935198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.83.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072097/; classtype:trojan-activity;sid:83935197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072096/; classtype:trojan-activity;sid:83935196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.117.18.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072095/; classtype:trojan-activity;sid:83935195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.253.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072093/; classtype:trojan-activity;sid:83935193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.188.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072094/; classtype:trojan-activity;sid:83935194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.208.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072092/; classtype:trojan-activity;sid:83935192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072091)"; flow:established,from_client; content:"GET"; http_method; content:"/777/mtxjm3y.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mkstat595.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072091/; classtype:trojan-activity;sid:83935191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.185.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072090/; classtype:trojan-activity;sid:83935190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072089)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/ballsclassified.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"51.77.140.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072089/; classtype:trojan-activity;sid:83935189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072088)"; flow:established,from_client; content:"GET"; http_method; content:"/statweb255/index.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"serverlogs275.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072088/; classtype:trojan-activity;sid:83935188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072086/; classtype:trojan-activity;sid:83935186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.189.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072087/; classtype:trojan-activity;sid:83935187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.234.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072085/; classtype:trojan-activity;sid:83935185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.119.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072084/; classtype:trojan-activity;sid:83935184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072083/; classtype:trojan-activity;sid:83935183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.178.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072082/; classtype:trojan-activity;sid:83935182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.44.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072081/; classtype:trojan-activity;sid:83935181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072079/; classtype:trojan-activity;sid:83935179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.190.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072080/; classtype:trojan-activity;sid:83935180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.235.192.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072078/; classtype:trojan-activity;sid:83935178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072077/; classtype:trojan-activity;sid:83935177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072076/; classtype:trojan-activity;sid:83935176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072075/; classtype:trojan-activity;sid:83935175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.83.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072074/; classtype:trojan-activity;sid:83935174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072073)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"maa.parish.chuathuongxot.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072073/; classtype:trojan-activity;sid:83935173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.185.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072072/; classtype:trojan-activity;sid:83935172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072071/; classtype:trojan-activity;sid:83935171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.100.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072070/; classtype:trojan-activity;sid:83935170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.111.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072069/; classtype:trojan-activity;sid:83935169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.39.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072068/; classtype:trojan-activity;sid:83935168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.10.146.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072067/; classtype:trojan-activity;sid:83935167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.1.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072066/; classtype:trojan-activity;sid:83935166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.188.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072065/; classtype:trojan-activity;sid:83935165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.137.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072064/; classtype:trojan-activity;sid:83935164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.108.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072063/; classtype:trojan-activity;sid:83935163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.226.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072062/; classtype:trojan-activity;sid:83935162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072061/; classtype:trojan-activity;sid:83935161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072060/; classtype:trojan-activity;sid:83935160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072059)"; flow:established,from_client; content:"GET"; http_method; content:"/ldx111.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mktrex155.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072059/; classtype:trojan-activity;sid:83935159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.93.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072058/; classtype:trojan-activity;sid:83935158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.208.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072057/; classtype:trojan-activity;sid:83935157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072056/; classtype:trojan-activity;sid:83935156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.164.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072055/; classtype:trojan-activity;sid:83935155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.113.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072054/; classtype:trojan-activity;sid:83935154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.189.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072053/; classtype:trojan-activity;sid:83935153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072052/; classtype:trojan-activity;sid:83935152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.175.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072051/; classtype:trojan-activity;sid:83935151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.161.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072050/; classtype:trojan-activity;sid:83935150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.11.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072049/; classtype:trojan-activity;sid:83935149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.186.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072048/; classtype:trojan-activity;sid:83935148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.87.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072047/; classtype:trojan-activity;sid:83935147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072046/; classtype:trojan-activity;sid:83935146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072045/; classtype:trojan-activity;sid:83935145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.88.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072044/; classtype:trojan-activity;sid:83935144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.153.109.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072043/; classtype:trojan-activity;sid:83935143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.254.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072042/; classtype:trojan-activity;sid:83935142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.66.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072041/; classtype:trojan-activity;sid:83935141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072040/; classtype:trojan-activity;sid:83935140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.75.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072039/; classtype:trojan-activity;sid:83935139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.68.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072038/; classtype:trojan-activity;sid:83935138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.108.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072037/; classtype:trojan-activity;sid:83935137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.111.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072036/; classtype:trojan-activity;sid:83935136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072035/; classtype:trojan-activity;sid:83935135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.1.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072034/; classtype:trojan-activity;sid:83935134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.137.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072033/; classtype:trojan-activity;sid:83935133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.33.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072032/; classtype:trojan-activity;sid:83935132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.23.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072030/; classtype:trojan-activity;sid:83935130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.176.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072031/; classtype:trojan-activity;sid:83935131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.226.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072028/; classtype:trojan-activity;sid:83935128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072029/; classtype:trojan-activity;sid:83935129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.216.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072027/; classtype:trojan-activity;sid:83935127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072026/; classtype:trojan-activity;sid:83935126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.126.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072025/; classtype:trojan-activity;sid:83935125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.37.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072024/; classtype:trojan-activity;sid:83935124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072023/; classtype:trojan-activity;sid:83935123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.143.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072022/; classtype:trojan-activity;sid:83935122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072021/; classtype:trojan-activity;sid:83935121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072020/; classtype:trojan-activity;sid:83935120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072018/; classtype:trojan-activity;sid:83935118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072019/; classtype:trojan-activity;sid:83935119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.211.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072017/; classtype:trojan-activity;sid:83935117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.108.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072016/; classtype:trojan-activity;sid:83935116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.87.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072014/; classtype:trojan-activity;sid:83935114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072015/; classtype:trojan-activity;sid:83935115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.88.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072013/; classtype:trojan-activity;sid:83935113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.111.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072012/; classtype:trojan-activity;sid:83935112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072011/; classtype:trojan-activity;sid:83935111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.231.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072010/; classtype:trojan-activity;sid:83935110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072009/; classtype:trojan-activity;sid:83935109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.33.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072008/; classtype:trojan-activity;sid:83935108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072007/; classtype:trojan-activity;sid:83935107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.44.12.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072006/; classtype:trojan-activity;sid:83935106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.143.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072005/; classtype:trojan-activity;sid:83935105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.243.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072004/; classtype:trojan-activity;sid:83935104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.216.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072003/; classtype:trojan-activity;sid:83935103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072002/; classtype:trojan-activity;sid:83935102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072001/; classtype:trojan-activity;sid:83935101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.52.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3072000/; classtype:trojan-activity;sid:83935100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071999/; classtype:trojan-activity;sid:83935099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071998/; classtype:trojan-activity;sid:83935098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071997/; classtype:trojan-activity;sid:83935097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.211.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071996/; classtype:trojan-activity;sid:83935096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.22.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071995/; classtype:trojan-activity;sid:83935095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.111.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071994/; classtype:trojan-activity;sid:83935094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.155.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071993/; classtype:trojan-activity;sid:83935093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071992/; classtype:trojan-activity;sid:83935092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.150.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071990/; classtype:trojan-activity;sid:83935090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.231.59.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071991/; classtype:trojan-activity;sid:83935091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.35.252.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071989/; classtype:trojan-activity;sid:83935089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.108.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071988/; classtype:trojan-activity;sid:83935088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.143.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071987/; classtype:trojan-activity;sid:83935087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.231.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071986/; classtype:trojan-activity;sid:83935086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.216.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071985/; classtype:trojan-activity;sid:83935085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.44.12.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071984/; classtype:trojan-activity;sid:83935084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.192.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071983/; classtype:trojan-activity;sid:83935083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.131.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071982/; classtype:trojan-activity;sid:83935082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.178.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071981/; classtype:trojan-activity;sid:83935081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.134.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071980/; classtype:trojan-activity;sid:83935080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.208.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071979/; classtype:trojan-activity;sid:83935079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071978/; classtype:trojan-activity;sid:83935078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.11.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071977/; classtype:trojan-activity;sid:83935077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.88.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071976/; classtype:trojan-activity;sid:83935076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071975/; classtype:trojan-activity;sid:83935075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.137.219.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071974/; classtype:trojan-activity;sid:83935074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.111.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071973/; classtype:trojan-activity;sid:83935073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.231.59.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071972/; classtype:trojan-activity;sid:83935072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.195.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071971/; classtype:trojan-activity;sid:83935071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.108.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071970/; classtype:trojan-activity;sid:83935070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.194.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071969/; classtype:trojan-activity;sid:83935069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071968/; classtype:trojan-activity;sid:83935068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071967/; classtype:trojan-activity;sid:83935067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.27.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071966/; classtype:trojan-activity;sid:83935066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071965/; classtype:trojan-activity;sid:83935065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071964/; classtype:trojan-activity;sid:83935064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.195.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071963/; classtype:trojan-activity;sid:83935063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.192.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071961/; classtype:trojan-activity;sid:83935061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.88.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071962/; classtype:trojan-activity;sid:83935062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.253.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071960/; classtype:trojan-activity;sid:83935060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071959/; classtype:trojan-activity;sid:83935059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071958/; classtype:trojan-activity;sid:83935058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.66.68.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071956/; classtype:trojan-activity;sid:83935056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071957/; classtype:trojan-activity;sid:83935057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.147.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071955/; classtype:trojan-activity;sid:83935055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.192.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071954/; classtype:trojan-activity;sid:83935054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.88.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071953/; classtype:trojan-activity;sid:83935053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.229.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071951/; classtype:trojan-activity;sid:83935051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.82.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071952/; classtype:trojan-activity;sid:83935052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.245.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071950/; classtype:trojan-activity;sid:83935050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.85.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071949/; classtype:trojan-activity;sid:83935049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.145.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071946/; classtype:trojan-activity;sid:83935046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.234.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071947/; classtype:trojan-activity;sid:83935047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.96.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071948/; classtype:trojan-activity;sid:83935048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.159.232.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071945/; classtype:trojan-activity;sid:83935045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.18.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071943/; classtype:trojan-activity;sid:83935043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.199.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071944/; classtype:trojan-activity;sid:83935044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.137.219.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071942/; classtype:trojan-activity;sid:83935042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.111.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071941/; classtype:trojan-activity;sid:83935041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071940)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071940/; classtype:trojan-activity;sid:83935040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pharmaciesdetection.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071939/; classtype:trojan-activity;sid:83935039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071938/; classtype:trojan-activity;sid:83935038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.234.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071937/; classtype:trojan-activity;sid:83935037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071935/; classtype:trojan-activity;sid:83935035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.61.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071936/; classtype:trojan-activity;sid:83935036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.237.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071934/; classtype:trojan-activity;sid:83935034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071933/; classtype:trojan-activity;sid:83935033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.175.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071932/; classtype:trojan-activity;sid:83935032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.7.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071931/; classtype:trojan-activity;sid:83935031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.71.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071930/; classtype:trojan-activity;sid:83935030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.35.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071929/; classtype:trojan-activity;sid:83935029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.204.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071928/; classtype:trojan-activity;sid:83935028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.157.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071927/; classtype:trojan-activity;sid:83935027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.225.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071926/; classtype:trojan-activity;sid:83935026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.38.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071925/; classtype:trojan-activity;sid:83935025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071924/; classtype:trojan-activity;sid:83935024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.204.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071923/; classtype:trojan-activity;sid:83935023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071922/; classtype:trojan-activity;sid:83935022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.18.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071921/; classtype:trojan-activity;sid:83935021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.145.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071919/; classtype:trojan-activity;sid:83935019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.199.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071920/; classtype:trojan-activity;sid:83935020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.230.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071918/; classtype:trojan-activity;sid:83935018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071917/; classtype:trojan-activity;sid:83935017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.71.32.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071916/; classtype:trojan-activity;sid:83935016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.148.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071915/; classtype:trojan-activity;sid:83935015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.172.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071914/; classtype:trojan-activity;sid:83935014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071911/; classtype:trojan-activity;sid:83935011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071912/; classtype:trojan-activity;sid:83935012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071913/; classtype:trojan-activity;sid:83935013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.235.192.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071910/; classtype:trojan-activity;sid:83935010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.71.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071909/; classtype:trojan-activity;sid:83935009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.35.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071908/; classtype:trojan-activity;sid:83935008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.167.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071907/; classtype:trojan-activity;sid:83935007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.239.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071906/; classtype:trojan-activity;sid:83935006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.81.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071904/; classtype:trojan-activity;sid:83935004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071905/; classtype:trojan-activity;sid:83935005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.242.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071903/; classtype:trojan-activity;sid:83935003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.165.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071902/; classtype:trojan-activity;sid:83935002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071901/; classtype:trojan-activity;sid:83935001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071899/; classtype:trojan-activity;sid:83934999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071900/; classtype:trojan-activity;sid:83935000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.163.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071898/; classtype:trojan-activity;sid:83934998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.214.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071897/; classtype:trojan-activity;sid:83934997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.154.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071896/; classtype:trojan-activity;sid:83934996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.54.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071895/; classtype:trojan-activity;sid:83934995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071894/; classtype:trojan-activity;sid:83934994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071893/; classtype:trojan-activity;sid:83934993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.39.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071892/; classtype:trojan-activity;sid:83934992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.7.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071891/; classtype:trojan-activity;sid:83934991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071890/; classtype:trojan-activity;sid:83934990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.225.206.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071889/; classtype:trojan-activity;sid:83934989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.145.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071888/; classtype:trojan-activity;sid:83934988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.133.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071887/; classtype:trojan-activity;sid:83934987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.192.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071886/; classtype:trojan-activity;sid:83934986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.15.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071885/; classtype:trojan-activity;sid:83934985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.78.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071884/; classtype:trojan-activity;sid:83934984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.243.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071883/; classtype:trojan-activity;sid:83934983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.62.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071882/; classtype:trojan-activity;sid:83934982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.43.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071881/; classtype:trojan-activity;sid:83934981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.49.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071880/; classtype:trojan-activity;sid:83934980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071879/; classtype:trojan-activity;sid:83934979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071878/; classtype:trojan-activity;sid:83934978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.55.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071877/; classtype:trojan-activity;sid:83934977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.163.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071876/; classtype:trojan-activity;sid:83934976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071875/; classtype:trojan-activity;sid:83934975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.15.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071874/; classtype:trojan-activity;sid:83934974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071873/; classtype:trojan-activity;sid:83934973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.244.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071872/; classtype:trojan-activity;sid:83934972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.89.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071871/; classtype:trojan-activity;sid:83934971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.46.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071870/; classtype:trojan-activity;sid:83934970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.7.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071869/; classtype:trojan-activity;sid:83934969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071868/; classtype:trojan-activity;sid:83934968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.237.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071867/; classtype:trojan-activity;sid:83934967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.219.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071866/; classtype:trojan-activity;sid:83934966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.225.206.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071865/; classtype:trojan-activity;sid:83934965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.248.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071864/; classtype:trojan-activity;sid:83934964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.211.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071863/; classtype:trojan-activity;sid:83934963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.49.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071862/; classtype:trojan-activity;sid:83934962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.192.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071861/; classtype:trojan-activity;sid:83934961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.81.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071860/; classtype:trojan-activity;sid:83934960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.15.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071859/; classtype:trojan-activity;sid:83934959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071858/; classtype:trojan-activity;sid:83934958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.127.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071857/; classtype:trojan-activity;sid:83934957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.74.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071856/; classtype:trojan-activity;sid:83934956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.70.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071855/; classtype:trojan-activity;sid:83934955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.15.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071853/; classtype:trojan-activity;sid:83934953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.41.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071854/; classtype:trojan-activity;sid:83934954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.89.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071852/; classtype:trojan-activity;sid:83934952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.184.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071851/; classtype:trojan-activity;sid:83934951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071850/; classtype:trojan-activity;sid:83934950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.111.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071849/; classtype:trojan-activity;sid:83934949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.119.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071848/; classtype:trojan-activity;sid:83934948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.20.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071847/; classtype:trojan-activity;sid:83934947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071846/; classtype:trojan-activity;sid:83934946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"134.236.22.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071845/; classtype:trojan-activity;sid:83934945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/influencednervous.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071844/; classtype:trojan-activity;sid:83934944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071843)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/buildred.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071843/; classtype:trojan-activity;sid:83934943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.74.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071842/; classtype:trojan-activity;sid:83934942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.127.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071840/; classtype:trojan-activity;sid:83934940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071841/; classtype:trojan-activity;sid:83934941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.233.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071839/; classtype:trojan-activity;sid:83934939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071838)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.74.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071838/; classtype:trojan-activity;sid:83934938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.233.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071837/; classtype:trojan-activity;sid:83934937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.81.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071836/; classtype:trojan-activity;sid:83934936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.226.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071835/; classtype:trojan-activity;sid:83934935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071833/; classtype:trojan-activity;sid:83934933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.80.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071834/; classtype:trojan-activity;sid:83934934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.184.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071832/; classtype:trojan-activity;sid:83934932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.139.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071831/; classtype:trojan-activity;sid:83934931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.144.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071830/; classtype:trojan-activity;sid:83934930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071829/; classtype:trojan-activity;sid:83934929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071828/; classtype:trojan-activity;sid:83934928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.69.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071827/; classtype:trojan-activity;sid:83934927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.70.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071826/; classtype:trojan-activity;sid:83934926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.111.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071825/; classtype:trojan-activity;sid:83934925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.105.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071824/; classtype:trojan-activity;sid:83934924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.236.22.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071823/; classtype:trojan-activity;sid:83934923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.186.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071822/; classtype:trojan-activity;sid:83934922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071821/; classtype:trojan-activity;sid:83934921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.20.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071820/; classtype:trojan-activity;sid:83934920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071819/; classtype:trojan-activity;sid:83934919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071818/; classtype:trojan-activity;sid:83934918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.88.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071817/; classtype:trojan-activity;sid:83934917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.78.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071815/; classtype:trojan-activity;sid:83934915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.219.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071816/; classtype:trojan-activity;sid:83934916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071814/; classtype:trojan-activity;sid:83934914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.106.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071813/; classtype:trojan-activity;sid:83934913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071806)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071806/; classtype:trojan-activity;sid:83934906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071807)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071807/; classtype:trojan-activity;sid:83934907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071808)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071808/; classtype:trojan-activity;sid:83934908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071809)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071809/; classtype:trojan-activity;sid:83934909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071810)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071810/; classtype:trojan-activity;sid:83934910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071811)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071811/; classtype:trojan-activity;sid:83934911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071812)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071812/; classtype:trojan-activity;sid:83934912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071801)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071801/; classtype:trojan-activity;sid:83934901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071802)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071802/; classtype:trojan-activity;sid:83934902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071803)"; flow:established,from_client; content:"GET"; http_method; content:"/cyber.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071803/; classtype:trojan-activity;sid:83934903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071804)"; flow:established,from_client; content:"GET"; http_method; content:"/xd_/cyber-m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071804/; classtype:trojan-activity;sid:83934904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071805)"; flow:established,from_client; content:"GET"; http_method; content:"/android.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071805/; classtype:trojan-activity;sid:83934905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.189.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071800/; classtype:trojan-activity;sid:83934900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.236.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071799/; classtype:trojan-activity;sid:83934899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.174.238.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071798/; classtype:trojan-activity;sid:83934898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"73.171.230.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071797/; classtype:trojan-activity;sid:83934897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.233.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071796/; classtype:trojan-activity;sid:83934896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.139.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071795/; classtype:trojan-activity;sid:83934895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.218.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071793/; classtype:trojan-activity;sid:83934893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.160.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071794/; classtype:trojan-activity;sid:83934894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.51.216.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071792/; classtype:trojan-activity;sid:83934892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071791/; classtype:trojan-activity;sid:83934891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.169.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071790/; classtype:trojan-activity;sid:83934890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.94.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071789/; classtype:trojan-activity;sid:83934889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071788/; classtype:trojan-activity;sid:83934888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.7.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071787/; classtype:trojan-activity;sid:83934887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071786/; classtype:trojan-activity;sid:83934886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.152.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071785/; classtype:trojan-activity;sid:83934885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.200.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071783/; classtype:trojan-activity;sid:83934883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.133.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071784/; classtype:trojan-activity;sid:83934884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.220.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071781/; classtype:trojan-activity;sid:83934881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.159.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071782/; classtype:trojan-activity;sid:83934882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.148.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071778/; classtype:trojan-activity;sid:83934878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.190.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071779/; classtype:trojan-activity;sid:83934879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071780/; classtype:trojan-activity;sid:83934880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.186.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071777/; classtype:trojan-activity;sid:83934877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.117.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071775/; classtype:trojan-activity;sid:83934875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.157.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071776/; classtype:trojan-activity;sid:83934876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.132.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071774/; classtype:trojan-activity;sid:83934874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071773/; classtype:trojan-activity;sid:83934873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.91.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071772/; classtype:trojan-activity;sid:83934872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071771/; classtype:trojan-activity;sid:83934871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071769/; classtype:trojan-activity;sid:83934869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.220.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071770/; classtype:trojan-activity;sid:83934870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.74.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071768/; classtype:trojan-activity;sid:83934868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071766/; classtype:trojan-activity;sid:83934866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071767/; classtype:trojan-activity;sid:83934867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071763/; classtype:trojan-activity;sid:83934863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071764/; classtype:trojan-activity;sid:83934864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.22.177.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071765/; classtype:trojan-activity;sid:83934865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.1.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071762/; classtype:trojan-activity;sid:83934862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.236.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071761/; classtype:trojan-activity;sid:83934861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.250.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071760/; classtype:trojan-activity;sid:83934860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.189.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071759/; classtype:trojan-activity;sid:83934859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071757/; classtype:trojan-activity;sid:83934857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071758/; classtype:trojan-activity;sid:83934858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.57.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071756/; classtype:trojan-activity;sid:83934856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.254.204.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071755/; classtype:trojan-activity;sid:83934855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.93.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071754/; classtype:trojan-activity;sid:83934854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071753/; classtype:trojan-activity;sid:83934853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071752/; classtype:trojan-activity;sid:83934852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.14.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071751/; classtype:trojan-activity;sid:83934851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071750/; classtype:trojan-activity;sid:83934850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.154.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071749/; classtype:trojan-activity;sid:83934849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.73.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071748/; classtype:trojan-activity;sid:83934848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.193.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071747/; classtype:trojan-activity;sid:83934847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.213.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071746/; classtype:trojan-activity;sid:83934846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.91.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071745/; classtype:trojan-activity;sid:83934845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.157.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071744/; classtype:trojan-activity;sid:83934844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.109.49.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071743/; classtype:trojan-activity;sid:83934843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071742/; classtype:trojan-activity;sid:83934842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.132.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071741/; classtype:trojan-activity;sid:83934841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071740/; classtype:trojan-activity;sid:83934840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071739/; classtype:trojan-activity;sid:83934839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.250.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071738/; classtype:trojan-activity;sid:83934838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.42.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071737/; classtype:trojan-activity;sid:83934837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.1.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071736/; classtype:trojan-activity;sid:83934836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.88.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071735/; classtype:trojan-activity;sid:83934835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.114.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071734/; classtype:trojan-activity;sid:83934834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.159.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071733/; classtype:trojan-activity;sid:83934833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.80.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071732/; classtype:trojan-activity;sid:83934832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.232.231.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071731/; classtype:trojan-activity;sid:83934831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.247.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071730/; classtype:trojan-activity;sid:83934830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.2.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071728/; classtype:trojan-activity;sid:83934828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.254.204.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071729/; classtype:trojan-activity;sid:83934829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.42.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071727/; classtype:trojan-activity;sid:83934827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.109.49.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071726/; classtype:trojan-activity;sid:83934826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071725/; classtype:trojan-activity;sid:83934825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.35.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071724/; classtype:trojan-activity;sid:83934824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071723/; classtype:trojan-activity;sid:83934823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.47.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071722/; classtype:trojan-activity;sid:83934822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.41.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071721/; classtype:trojan-activity;sid:83934821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.101.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071718/; classtype:trojan-activity;sid:83934818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071719/; classtype:trojan-activity;sid:83934819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.12.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071720/; classtype:trojan-activity;sid:83934820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.231.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071717/; classtype:trojan-activity;sid:83934817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.161.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071716/; classtype:trojan-activity;sid:83934816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071714)"; flow:established,from_client; content:"GET"; http_method; content:"/59/lmts.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.45.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071714/; classtype:trojan-activity;sid:83934814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071715)"; flow:established,from_client; content:"GET"; http_method; content:"/59/lmts.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.45.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071715/; classtype:trojan-activity;sid:83934815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071713)"; flow:established,from_client; content:"GET"; http_method; content:"/50/hnbc.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.3.176.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071713/; classtype:trojan-activity;sid:83934813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071712)"; flow:established,from_client; content:"GET"; http_method; content:"/50/hnbc.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.3.176.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071712/; classtype:trojan-activity;sid:83934812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.171.230.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071711/; classtype:trojan-activity;sid:83934811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.73.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071710/; classtype:trojan-activity;sid:83934810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.247.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071709/; classtype:trojan-activity;sid:83934809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071708)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/glo/kbv.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.3.176.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071708/; classtype:trojan-activity;sid:83934808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071707)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/glo/kbv.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.3.176.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071707/; classtype:trojan-activity;sid:83934807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.193.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071706/; classtype:trojan-activity;sid:83934806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.164.179.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071705/; classtype:trojan-activity;sid:83934805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071704/; classtype:trojan-activity;sid:83934804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.1.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071703/; classtype:trojan-activity;sid:83934803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071702/; classtype:trojan-activity;sid:83934802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.41.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071701/; classtype:trojan-activity;sid:83934801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.216.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071700/; classtype:trojan-activity;sid:83934800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.25.255"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071698/; classtype:trojan-activity;sid:83934798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.15.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071699/; classtype:trojan-activity;sid:83934799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071696/; classtype:trojan-activity;sid:83934796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.133.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071697/; classtype:trojan-activity;sid:83934797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071695/; classtype:trojan-activity;sid:83934795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071694/; classtype:trojan-activity;sid:83934794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.117.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071693/; classtype:trojan-activity;sid:83934793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071692/; classtype:trojan-activity;sid:83934792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.213.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071691/; classtype:trojan-activity;sid:83934791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.73.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071690/; classtype:trojan-activity;sid:83934790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.176.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071689/; classtype:trojan-activity;sid:83934789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.45.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071687/; classtype:trojan-activity;sid:83934787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.89.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071688/; classtype:trojan-activity;sid:83934788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.186.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071686/; classtype:trojan-activity;sid:83934786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.161.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071685/; classtype:trojan-activity;sid:83934785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071684/; classtype:trojan-activity;sid:83934784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.176.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071683/; classtype:trojan-activity;sid:83934783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071682/; classtype:trojan-activity;sid:83934782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.175.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071681/; classtype:trojan-activity;sid:83934781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071670)"; flow:established,from_client; content:"GET"; http_method; content:"/peinstall.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071670/; classtype:trojan-activity;sid:83934770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071671)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071671/; classtype:trojan-activity;sid:83934771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071672)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071672/; classtype:trojan-activity;sid:83934772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071673)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071673/; classtype:trojan-activity;sid:83934773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071674)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071674/; classtype:trojan-activity;sid:83934774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071675)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071675/; classtype:trojan-activity;sid:83934775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071676)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071676/; classtype:trojan-activity;sid:83934776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071677)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071677/; classtype:trojan-activity;sid:83934777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071678)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071678/; classtype:trojan-activity;sid:83934778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071679)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071679/; classtype:trojan-activity;sid:83934779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071680)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071680/; classtype:trojan-activity;sid:83934780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071667)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071667/; classtype:trojan-activity;sid:83934767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071668)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071668/; classtype:trojan-activity;sid:83934768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071669)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071669/; classtype:trojan-activity;sid:83934769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071641)"; flow:established,from_client; content:"GET"; http_method; content:"/753.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071641/; classtype:trojan-activity;sid:83934741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071642)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071642/; classtype:trojan-activity;sid:83934742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071643)"; flow:established,from_client; content:"GET"; http_method; content:"/vnc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071643/; classtype:trojan-activity;sid:83934743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071644)"; flow:established,from_client; content:"GET"; http_method; content:"/etcminer.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071644/; classtype:trojan-activity;sid:83934744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071645)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071645/; classtype:trojan-activity;sid:83934745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071646)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071646/; classtype:trojan-activity;sid:83934746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071647)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071647/; classtype:trojan-activity;sid:83934747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071648)"; flow:established,from_client; content:"GET"; http_method; content:"/miner.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071648/; classtype:trojan-activity;sid:83934748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071649)"; flow:established,from_client; content:"GET"; http_method; content:"/mup.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071649/; classtype:trojan-activity;sid:83934749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071650)"; flow:established,from_client; content:"GET"; http_method; content:"/phorm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071650/; classtype:trojan-activity;sid:83934750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071651)"; flow:established,from_client; content:"GET"; http_method; content:"/6"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071651/; classtype:trojan-activity;sid:83934751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071652)"; flow:established,from_client; content:"GET"; http_method; content:"/phorrem.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071652/; classtype:trojan-activity;sid:83934752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071653)"; flow:established,from_client; content:"GET"; http_method; content:"/ec.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071653/; classtype:trojan-activity;sid:83934753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071654)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071654/; classtype:trojan-activity;sid:83934754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071655)"; flow:established,from_client; content:"GET"; http_method; content:"/loadetc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071655/; classtype:trojan-activity;sid:83934755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071656)"; flow:established,from_client; content:"GET"; http_method; content:"/secdis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071656/; classtype:trojan-activity;sid:83934756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071657)"; flow:established,from_client; content:"GET"; http_method; content:"/m/p.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071657/; classtype:trojan-activity;sid:83934757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071658)"; flow:established,from_client; content:"GET"; http_method; content:"/inf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071658/; classtype:trojan-activity;sid:83934758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071659)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071659/; classtype:trojan-activity;sid:83934759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071660)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071660/; classtype:trojan-activity;sid:83934760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071661)"; flow:established,from_client; content:"GET"; http_method; content:"/getxmr.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071661/; classtype:trojan-activity;sid:83934761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071662)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrminer.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071662/; classtype:trojan-activity;sid:83934762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071663)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/upd/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071663/; classtype:trojan-activity;sid:83934763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071664)"; flow:established,from_client; content:"GET"; http_method; content:"/sd.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071664/; classtype:trojan-activity;sid:83934764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071665)"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071665/; classtype:trojan-activity;sid:83934765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071666)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/xmr.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071666/; classtype:trojan-activity;sid:83934766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.85.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071639/; classtype:trojan-activity;sid:83934739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.236.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071640/; classtype:trojan-activity;sid:83934740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.1.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071638/; classtype:trojan-activity;sid:83934738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.96.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071636/; classtype:trojan-activity;sid:83934736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.120.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071637/; classtype:trojan-activity;sid:83934737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.193.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071635/; classtype:trojan-activity;sid:83934735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.62.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071634/; classtype:trojan-activity;sid:83934734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.15.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071633/; classtype:trojan-activity;sid:83934733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.224.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071632/; classtype:trojan-activity;sid:83934732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071630/; classtype:trojan-activity;sid:83934730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.214.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071631/; classtype:trojan-activity;sid:83934731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.186.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071629/; classtype:trojan-activity;sid:83934729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.179.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071628/; classtype:trojan-activity;sid:83934728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.220.166.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071627/; classtype:trojan-activity;sid:83934727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.117.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071626/; classtype:trojan-activity;sid:83934726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.30.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071625/; classtype:trojan-activity;sid:83934725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071624/; classtype:trojan-activity;sid:83934724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071623/; classtype:trojan-activity;sid:83934723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.45.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071622/; classtype:trojan-activity;sid:83934722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071620/; classtype:trojan-activity;sid:83934720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.89.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071621/; classtype:trojan-activity;sid:83934721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071619)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/glo/gl/funtogetbacktomeforgetbacktogetbackkissthingtheentirethingstogetbacktomewithentirethingstogetback_____imangreadytoseegirlfrnd.doc"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"192.3.176.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071619/; classtype:trojan-activity;sid:83934719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071618)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/glo/createactiveimagesbeautygirlfrnd.gif"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"192.3.176.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071618/; classtype:trojan-activity;sid:83934718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.85.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071617/; classtype:trojan-activity;sid:83934717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071615)"; flow:established,from_client; content:"GET"; http_method; content:"/50/screensimplethingstohandlecream.gif"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"192.3.176.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071615/; classtype:trojan-activity;sid:83934715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071616)"; flow:established,from_client; content:"GET"; http_method; content:"/50/bnc/iamtotalnewpersontogetmebackwithentirenewthingstounderstandhowmuchkissineedtodosoican_________sheisbeautifulgirleverthings.doc"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"192.3.176.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071616/; classtype:trojan-activity;sid:83934716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071613)"; flow:established,from_client; content:"GET"; http_method; content:"/59/createdthingstobefrankwithmeeverywhere.gif"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"104.168.45.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071613/; classtype:trojan-activity;sid:83934713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071614)"; flow:established,from_client; content:"GET"; http_method; content:"/59/bn/createdgoodthingstogetmebacktheentirethingsinolineswitchtogilfrnfboobstounderstandhowfeelurareinthesituation_____________creanthesituationgirlfrnd.doc"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"104.168.45.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071614/; classtype:trojan-activity;sid:83934714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.17.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071612/; classtype:trojan-activity;sid:83934712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.29.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071611/; classtype:trojan-activity;sid:83934711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.105.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071610/; classtype:trojan-activity;sid:83934710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071608)"; flow:established,from_client; content:"GET"; http_method; content:"/60/gbh/creamthingstohappenedgetmebackwithentirethingstogetbackeverythingtounderstandhowmuchpowerfulthingsitis__________wearegreatwithentirethingstobeback.doc"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"192.3.176.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071608/; classtype:trojan-activity;sid:83934708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.254.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071609/; classtype:trojan-activity;sid:83934709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071607)"; flow:established,from_client; content:"GET"; http_method; content:"/60/creatednewwaterbottleforme.gif"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"192.3.176.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071607/; classtype:trojan-activity;sid:83934707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071606/; classtype:trojan-activity;sid:83934706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.214.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071605/; classtype:trojan-activity;sid:83934705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.1.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071604/; classtype:trojan-activity;sid:83934704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.157.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071603/; classtype:trojan-activity;sid:83934703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071602/; classtype:trojan-activity;sid:83934702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.85.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071601/; classtype:trojan-activity;sid:83934701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.228.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071600/; classtype:trojan-activity;sid:83934700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071599/; classtype:trojan-activity;sid:83934699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.62.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071598/; classtype:trojan-activity;sid:83934698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071586)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071586/; classtype:trojan-activity;sid:83934686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071587)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071587/; classtype:trojan-activity;sid:83934687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071588)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071588/; classtype:trojan-activity;sid:83934688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071589)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071589/; classtype:trojan-activity;sid:83934689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071590)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071590/; classtype:trojan-activity;sid:83934690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071591)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071591/; classtype:trojan-activity;sid:83934691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071592)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071592/; classtype:trojan-activity;sid:83934692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071593)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071593/; classtype:trojan-activity;sid:83934693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071594)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071594/; classtype:trojan-activity;sid:83934694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071595)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071595/; classtype:trojan-activity;sid:83934695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071596)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071596/; classtype:trojan-activity;sid:83934696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071597)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071597/; classtype:trojan-activity;sid:83934697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071574)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071574/; classtype:trojan-activity;sid:83934674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071575)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071575/; classtype:trojan-activity;sid:83934675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071576)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071576/; classtype:trojan-activity;sid:83934676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071577)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071577/; classtype:trojan-activity;sid:83934677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071578)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071578/; classtype:trojan-activity;sid:83934678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071579)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071579/; classtype:trojan-activity;sid:83934679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071580)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071580/; classtype:trojan-activity;sid:83934680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071581)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071581/; classtype:trojan-activity;sid:83934681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071582)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071582/; classtype:trojan-activity;sid:83934682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071583)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071583/; classtype:trojan-activity;sid:83934683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071584)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071584/; classtype:trojan-activity;sid:83934684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071585)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071585/; classtype:trojan-activity;sid:83934685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071565)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071565/; classtype:trojan-activity;sid:83934665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071566)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071566/; classtype:trojan-activity;sid:83934666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071567)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071567/; classtype:trojan-activity;sid:83934667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071568)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071568/; classtype:trojan-activity;sid:83934668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071569)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071569/; classtype:trojan-activity;sid:83934669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071570)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071570/; classtype:trojan-activity;sid:83934670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071571)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071571/; classtype:trojan-activity;sid:83934671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071572)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071572/; classtype:trojan-activity;sid:83934672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071573)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071573/; classtype:trojan-activity;sid:83934673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071560)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071560/; classtype:trojan-activity;sid:83934660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071561)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071561/; classtype:trojan-activity;sid:83934661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071562)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071562/; classtype:trojan-activity;sid:83934662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071563)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071563/; classtype:trojan-activity;sid:83934663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071564)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071564/; classtype:trojan-activity;sid:83934664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071551)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071551/; classtype:trojan-activity;sid:83934651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071552)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071552/; classtype:trojan-activity;sid:83934652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071553)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071553/; classtype:trojan-activity;sid:83934653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071554)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071554/; classtype:trojan-activity;sid:83934654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071555)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071555/; classtype:trojan-activity;sid:83934655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071556)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071556/; classtype:trojan-activity;sid:83934656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071557)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071557/; classtype:trojan-activity;sid:83934657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071558)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071558/; classtype:trojan-activity;sid:83934658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071559)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071559/; classtype:trojan-activity;sid:83934659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071546)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071546/; classtype:trojan-activity;sid:83934646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071547)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071547/; classtype:trojan-activity;sid:83934647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071548)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071548/; classtype:trojan-activity;sid:83934648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071549)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071549/; classtype:trojan-activity;sid:83934649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071550)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071550/; classtype:trojan-activity;sid:83934650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071541)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071541/; classtype:trojan-activity;sid:83934641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071542)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071542/; classtype:trojan-activity;sid:83934642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071543)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071543/; classtype:trojan-activity;sid:83934643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071544)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071544/; classtype:trojan-activity;sid:83934644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071545)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071545/; classtype:trojan-activity;sid:83934645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071535)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071535/; classtype:trojan-activity;sid:83934635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071536)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071536/; classtype:trojan-activity;sid:83934636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071537)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071537/; classtype:trojan-activity;sid:83934637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071538)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071538/; classtype:trojan-activity;sid:83934638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071539)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071539/; classtype:trojan-activity;sid:83934639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071540)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071540/; classtype:trojan-activity;sid:83934640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071527)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071527/; classtype:trojan-activity;sid:83934627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071528)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071528/; classtype:trojan-activity;sid:83934628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071529)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071529/; classtype:trojan-activity;sid:83934629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071530)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071530/; classtype:trojan-activity;sid:83934630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071531)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071531/; classtype:trojan-activity;sid:83934631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071532)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071532/; classtype:trojan-activity;sid:83934632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071533)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071533/; classtype:trojan-activity;sid:83934633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071534)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071534/; classtype:trojan-activity;sid:83934634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071526)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071526/; classtype:trojan-activity;sid:83934626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071523)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071523/; classtype:trojan-activity;sid:83934623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071524)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071524/; classtype:trojan-activity;sid:83934624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071525)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071525/; classtype:trojan-activity;sid:83934625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071521)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071521/; classtype:trojan-activity;sid:83934621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071522)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071522/; classtype:trojan-activity;sid:83934622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071515)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071515/; classtype:trojan-activity;sid:83934615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071516)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071516/; classtype:trojan-activity;sid:83934616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071517)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071517/; classtype:trojan-activity;sid:83934617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071519)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071519/; classtype:trojan-activity;sid:83934619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071520)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071520/; classtype:trojan-activity;sid:83934620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071505)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071505/; classtype:trojan-activity;sid:83934605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071506)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071506/; classtype:trojan-activity;sid:83934606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071507)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071507/; classtype:trojan-activity;sid:83934607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071508)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071508/; classtype:trojan-activity;sid:83934608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071509)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071509/; classtype:trojan-activity;sid:83934609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071510)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071510/; classtype:trojan-activity;sid:83934610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071511)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071511/; classtype:trojan-activity;sid:83934611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071512)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071512/; classtype:trojan-activity;sid:83934612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071513)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071513/; classtype:trojan-activity;sid:83934613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071502)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071502/; classtype:trojan-activity;sid:83934602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071503)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071503/; classtype:trojan-activity;sid:83934603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071504)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071504/; classtype:trojan-activity;sid:83934604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071492)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071492/; classtype:trojan-activity;sid:83934592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071493)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071493/; classtype:trojan-activity;sid:83934593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071494)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071494/; classtype:trojan-activity;sid:83934594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071495)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071495/; classtype:trojan-activity;sid:83934595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071496)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071496/; classtype:trojan-activity;sid:83934596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071497)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071497/; classtype:trojan-activity;sid:83934597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071498)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071498/; classtype:trojan-activity;sid:83934598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071499)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071499/; classtype:trojan-activity;sid:83934599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071501)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071501/; classtype:trojan-activity;sid:83934601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071488)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071488/; classtype:trojan-activity;sid:83934588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071489)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071489/; classtype:trojan-activity;sid:83934589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071490)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071490/; classtype:trojan-activity;sid:83934590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071491)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071491/; classtype:trojan-activity;sid:83934591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071481)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071481/; classtype:trojan-activity;sid:83934581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071482)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071482/; classtype:trojan-activity;sid:83934582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071483)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071483/; classtype:trojan-activity;sid:83934583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071484)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071484/; classtype:trojan-activity;sid:83934584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071485)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071485/; classtype:trojan-activity;sid:83934585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071486)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071486/; classtype:trojan-activity;sid:83934586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071487)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071487/; classtype:trojan-activity;sid:83934587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071472)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071472/; classtype:trojan-activity;sid:83934572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071473)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071473/; classtype:trojan-activity;sid:83934573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071474)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071474/; classtype:trojan-activity;sid:83934574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071475)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071475/; classtype:trojan-activity;sid:83934575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071476)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071476/; classtype:trojan-activity;sid:83934576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071477)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071477/; classtype:trojan-activity;sid:83934577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071478)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071478/; classtype:trojan-activity;sid:83934578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071479)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071479/; classtype:trojan-activity;sid:83934579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071480)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071480/; classtype:trojan-activity;sid:83934580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071464)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071464/; classtype:trojan-activity;sid:83934564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071465)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071465/; classtype:trojan-activity;sid:83934565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071467)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071467/; classtype:trojan-activity;sid:83934567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071468)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071468/; classtype:trojan-activity;sid:83934568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071469)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071469/; classtype:trojan-activity;sid:83934569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071470)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071470/; classtype:trojan-activity;sid:83934570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071471)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071471/; classtype:trojan-activity;sid:83934571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071459)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071459/; classtype:trojan-activity;sid:83934559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071460)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071460/; classtype:trojan-activity;sid:83934560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071461)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071461/; classtype:trojan-activity;sid:83934561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071462)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071462/; classtype:trojan-activity;sid:83934562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071453)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071453/; classtype:trojan-activity;sid:83934553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071454)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071454/; classtype:trojan-activity;sid:83934554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071455)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071455/; classtype:trojan-activity;sid:83934555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071456)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071456/; classtype:trojan-activity;sid:83934556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071458)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071458/; classtype:trojan-activity;sid:83934558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071443)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071443/; classtype:trojan-activity;sid:83934543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071444)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071444/; classtype:trojan-activity;sid:83934544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071445)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071445/; classtype:trojan-activity;sid:83934545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071446)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071446/; classtype:trojan-activity;sid:83934546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071447)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071447/; classtype:trojan-activity;sid:83934547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071448)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071448/; classtype:trojan-activity;sid:83934548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071449)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071449/; classtype:trojan-activity;sid:83934549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071450)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071450/; classtype:trojan-activity;sid:83934550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071452)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071452/; classtype:trojan-activity;sid:83934552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071439)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071439/; classtype:trojan-activity;sid:83934539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071440)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071440/; classtype:trojan-activity;sid:83934540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071441)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071441/; classtype:trojan-activity;sid:83934541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071428)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071428/; classtype:trojan-activity;sid:83934528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071429)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071429/; classtype:trojan-activity;sid:83934529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071431)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071431/; classtype:trojan-activity;sid:83934531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071432)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071432/; classtype:trojan-activity;sid:83934532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071433)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071433/; classtype:trojan-activity;sid:83934533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071434)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071434/; classtype:trojan-activity;sid:83934534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071435)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071435/; classtype:trojan-activity;sid:83934535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071436)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071436/; classtype:trojan-activity;sid:83934536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071438)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071438/; classtype:trojan-activity;sid:83934538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071422)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071422/; classtype:trojan-activity;sid:83934522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071423)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071423/; classtype:trojan-activity;sid:83934523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071424)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071424/; classtype:trojan-activity;sid:83934524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071425)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071425/; classtype:trojan-activity;sid:83934525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071426)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071426/; classtype:trojan-activity;sid:83934526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071427)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071427/; classtype:trojan-activity;sid:83934527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071416)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071416/; classtype:trojan-activity;sid:83934516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.212.104.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071417/; classtype:trojan-activity;sid:83934517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071418)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071418/; classtype:trojan-activity;sid:83934518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071419)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071419/; classtype:trojan-activity;sid:83934519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071420)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071420/; classtype:trojan-activity;sid:83934520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071421)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071421/; classtype:trojan-activity;sid:83934521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071409)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071409/; classtype:trojan-activity;sid:83934509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071410)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071410/; classtype:trojan-activity;sid:83934510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071411)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071411/; classtype:trojan-activity;sid:83934511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071412)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071412/; classtype:trojan-activity;sid:83934512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071413)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071413/; classtype:trojan-activity;sid:83934513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071414)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071414/; classtype:trojan-activity;sid:83934514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071415)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071415/; classtype:trojan-activity;sid:83934515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071402)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071402/; classtype:trojan-activity;sid:83934502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071403)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071403/; classtype:trojan-activity;sid:83934503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071404)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071404/; classtype:trojan-activity;sid:83934504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071405)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071405/; classtype:trojan-activity;sid:83934505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071406)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071406/; classtype:trojan-activity;sid:83934506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071407)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071407/; classtype:trojan-activity;sid:83934507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071408)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071408/; classtype:trojan-activity;sid:83934508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071396)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071396/; classtype:trojan-activity;sid:83934496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071397)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071397/; classtype:trojan-activity;sid:83934497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071398)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071398/; classtype:trojan-activity;sid:83934498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071399)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071399/; classtype:trojan-activity;sid:83934499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071400)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071400/; classtype:trojan-activity;sid:83934500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071401)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071401/; classtype:trojan-activity;sid:83934501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071391)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071391/; classtype:trojan-activity;sid:83934491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071392)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071392/; classtype:trojan-activity;sid:83934492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071394)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071394/; classtype:trojan-activity;sid:83934494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071395)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071395/; classtype:trojan-activity;sid:83934495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071383)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071383/; classtype:trojan-activity;sid:83934483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071384)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071384/; classtype:trojan-activity;sid:83934484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071385)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071385/; classtype:trojan-activity;sid:83934485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071386)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071386/; classtype:trojan-activity;sid:83934486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071387)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071387/; classtype:trojan-activity;sid:83934487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071388)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071388/; classtype:trojan-activity;sid:83934488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071389)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071389/; classtype:trojan-activity;sid:83934489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071390)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071390/; classtype:trojan-activity;sid:83934490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071378)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071378/; classtype:trojan-activity;sid:83934478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071379)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071379/; classtype:trojan-activity;sid:83934479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071380/; classtype:trojan-activity;sid:83934480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071381)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071381/; classtype:trojan-activity;sid:83934481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071382)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071382/; classtype:trojan-activity;sid:83934482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071370)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071370/; classtype:trojan-activity;sid:83934470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071371)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071371/; classtype:trojan-activity;sid:83934471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071372)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071372/; classtype:trojan-activity;sid:83934472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071373)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071373/; classtype:trojan-activity;sid:83934473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071374)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071374/; classtype:trojan-activity;sid:83934474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071375)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071375/; classtype:trojan-activity;sid:83934475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071376)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071376/; classtype:trojan-activity;sid:83934476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071377)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071377/; classtype:trojan-activity;sid:83934477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071364)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071364/; classtype:trojan-activity;sid:83934464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071365)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071365/; classtype:trojan-activity;sid:83934465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071366)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071366/; classtype:trojan-activity;sid:83934466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071367)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071367/; classtype:trojan-activity;sid:83934467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071368)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071368/; classtype:trojan-activity;sid:83934468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071369)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071369/; classtype:trojan-activity;sid:83934469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071359)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071359/; classtype:trojan-activity;sid:83934459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071360)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071360/; classtype:trojan-activity;sid:83934460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071362)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071362/; classtype:trojan-activity;sid:83934462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071351)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071351/; classtype:trojan-activity;sid:83934451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071352)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071352/; classtype:trojan-activity;sid:83934452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071353)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071353/; classtype:trojan-activity;sid:83934453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071354)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071354/; classtype:trojan-activity;sid:83934454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071355)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071355/; classtype:trojan-activity;sid:83934455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071357)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071357/; classtype:trojan-activity;sid:83934457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071342)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071342/; classtype:trojan-activity;sid:83934442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071343)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071343/; classtype:trojan-activity;sid:83934443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071344)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071344/; classtype:trojan-activity;sid:83934444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071345)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071345/; classtype:trojan-activity;sid:83934445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071346)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071346/; classtype:trojan-activity;sid:83934446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071347)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071347/; classtype:trojan-activity;sid:83934447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071348)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071348/; classtype:trojan-activity;sid:83934448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071349)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071349/; classtype:trojan-activity;sid:83934449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071350)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071350/; classtype:trojan-activity;sid:83934450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071332)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071332/; classtype:trojan-activity;sid:83934432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071333)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071333/; classtype:trojan-activity;sid:83934433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071334)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071334/; classtype:trojan-activity;sid:83934434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071335)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071335/; classtype:trojan-activity;sid:83934435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071336)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071336/; classtype:trojan-activity;sid:83934436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071337)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071337/; classtype:trojan-activity;sid:83934437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071338)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071338/; classtype:trojan-activity;sid:83934438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071339)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071339/; classtype:trojan-activity;sid:83934439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071340)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071340/; classtype:trojan-activity;sid:83934440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071341)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071341/; classtype:trojan-activity;sid:83934441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071325)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071325/; classtype:trojan-activity;sid:83934425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071326)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071326/; classtype:trojan-activity;sid:83934426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071327)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071327/; classtype:trojan-activity;sid:83934427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071328)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071328/; classtype:trojan-activity;sid:83934428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071329)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071329/; classtype:trojan-activity;sid:83934429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071321)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071321/; classtype:trojan-activity;sid:83934421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071322)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071322/; classtype:trojan-activity;sid:83934422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071323)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071323/; classtype:trojan-activity;sid:83934423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071324)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071324/; classtype:trojan-activity;sid:83934424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071318)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071318/; classtype:trojan-activity;sid:83934418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071319)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071319/; classtype:trojan-activity;sid:83934419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071320)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071320/; classtype:trojan-activity;sid:83934420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071311)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071311/; classtype:trojan-activity;sid:83934411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071312)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071312/; classtype:trojan-activity;sid:83934412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071313)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071313/; classtype:trojan-activity;sid:83934413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071314)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071314/; classtype:trojan-activity;sid:83934414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071315)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071315/; classtype:trojan-activity;sid:83934415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071316)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071316/; classtype:trojan-activity;sid:83934416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071317)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071317/; classtype:trojan-activity;sid:83934417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071305)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071305/; classtype:trojan-activity;sid:83934405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071306)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071306/; classtype:trojan-activity;sid:83934406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071307)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071307/; classtype:trojan-activity;sid:83934407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071308)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071308/; classtype:trojan-activity;sid:83934408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071309)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071309/; classtype:trojan-activity;sid:83934409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071310)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071310/; classtype:trojan-activity;sid:83934410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071303)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071303/; classtype:trojan-activity;sid:83934403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071304)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071304/; classtype:trojan-activity;sid:83934404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071300)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071300/; classtype:trojan-activity;sid:83934400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071301)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071301/; classtype:trojan-activity;sid:83934401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071302)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071302/; classtype:trojan-activity;sid:83934402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071292)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071292/; classtype:trojan-activity;sid:83934392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071293)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071293/; classtype:trojan-activity;sid:83934393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071294)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071294/; classtype:trojan-activity;sid:83934394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071295)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071295/; classtype:trojan-activity;sid:83934395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071296)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071296/; classtype:trojan-activity;sid:83934396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071297)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071297/; classtype:trojan-activity;sid:83934397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071298)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071298/; classtype:trojan-activity;sid:83934398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071286)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071286/; classtype:trojan-activity;sid:83934386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071287)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071287/; classtype:trojan-activity;sid:83934387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071288)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071288/; classtype:trojan-activity;sid:83934388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071289)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071289/; classtype:trojan-activity;sid:83934389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071290)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071290/; classtype:trojan-activity;sid:83934390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071291)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071291/; classtype:trojan-activity;sid:83934391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071284)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071284/; classtype:trojan-activity;sid:83934384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071285)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071285/; classtype:trojan-activity;sid:83934385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071276)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071276/; classtype:trojan-activity;sid:83934376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071277)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071277/; classtype:trojan-activity;sid:83934377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071279)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071279/; classtype:trojan-activity;sid:83934379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071280)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071280/; classtype:trojan-activity;sid:83934380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071281)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071281/; classtype:trojan-activity;sid:83934381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071282)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071282/; classtype:trojan-activity;sid:83934382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071283)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071283/; classtype:trojan-activity;sid:83934383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071266)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071266/; classtype:trojan-activity;sid:83934366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071268)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071268/; classtype:trojan-activity;sid:83934368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071269)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071269/; classtype:trojan-activity;sid:83934369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071270)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071270/; classtype:trojan-activity;sid:83934370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071271)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071271/; classtype:trojan-activity;sid:83934371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071272)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071272/; classtype:trojan-activity;sid:83934372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071273)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071273/; classtype:trojan-activity;sid:83934373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071274)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071274/; classtype:trojan-activity;sid:83934374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071275)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071275/; classtype:trojan-activity;sid:83934375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071260)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071260/; classtype:trojan-activity;sid:83934360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071261)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071261/; classtype:trojan-activity;sid:83934361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071262)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071262/; classtype:trojan-activity;sid:83934362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071263)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071263/; classtype:trojan-activity;sid:83934363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071264)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071264/; classtype:trojan-activity;sid:83934364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071265)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071265/; classtype:trojan-activity;sid:83934365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071253)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071253/; classtype:trojan-activity;sid:83934353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071254)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071254/; classtype:trojan-activity;sid:83934354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071255)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071255/; classtype:trojan-activity;sid:83934355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071256)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071256/; classtype:trojan-activity;sid:83934356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071257)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071257/; classtype:trojan-activity;sid:83934357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071258)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071258/; classtype:trojan-activity;sid:83934358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071259)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071259/; classtype:trojan-activity;sid:83934359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071245)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071245/; classtype:trojan-activity;sid:83934345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071246)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071246/; classtype:trojan-activity;sid:83934346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071247)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071247/; classtype:trojan-activity;sid:83934347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071248)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071248/; classtype:trojan-activity;sid:83934348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071249)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071249/; classtype:trojan-activity;sid:83934349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071250)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071250/; classtype:trojan-activity;sid:83934350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071251)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071251/; classtype:trojan-activity;sid:83934351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071252)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071252/; classtype:trojan-activity;sid:83934352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071240)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071240/; classtype:trojan-activity;sid:83934340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071241)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071241/; classtype:trojan-activity;sid:83934341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071242)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071242/; classtype:trojan-activity;sid:83934342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071243)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071243/; classtype:trojan-activity;sid:83934343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071244)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071244/; classtype:trojan-activity;sid:83934344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071235)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071235/; classtype:trojan-activity;sid:83934335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071236)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071236/; classtype:trojan-activity;sid:83934336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071237)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071237/; classtype:trojan-activity;sid:83934337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071238)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071238/; classtype:trojan-activity;sid:83934338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071239)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071239/; classtype:trojan-activity;sid:83934339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071227)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071227/; classtype:trojan-activity;sid:83934327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071228)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071228/; classtype:trojan-activity;sid:83934328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071229)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071229/; classtype:trojan-activity;sid:83934329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071230)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071230/; classtype:trojan-activity;sid:83934330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071231)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071231/; classtype:trojan-activity;sid:83934331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071232)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071232/; classtype:trojan-activity;sid:83934332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071233)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071233/; classtype:trojan-activity;sid:83934333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071234)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071234/; classtype:trojan-activity;sid:83934334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071219)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071219/; classtype:trojan-activity;sid:83934319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071220)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071220/; classtype:trojan-activity;sid:83934320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071221)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071221/; classtype:trojan-activity;sid:83934321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071222)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071222/; classtype:trojan-activity;sid:83934322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071223)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071223/; classtype:trojan-activity;sid:83934323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071224)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071224/; classtype:trojan-activity;sid:83934324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071225)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071225/; classtype:trojan-activity;sid:83934325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071215)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071215/; classtype:trojan-activity;sid:83934315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071216)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071216/; classtype:trojan-activity;sid:83934316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071217)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071217/; classtype:trojan-activity;sid:83934317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071218)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071218/; classtype:trojan-activity;sid:83934318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071210)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071210/; classtype:trojan-activity;sid:83934310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071211)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071211/; classtype:trojan-activity;sid:83934311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071212)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071212/; classtype:trojan-activity;sid:83934312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071213)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071213/; classtype:trojan-activity;sid:83934313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071214)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071214/; classtype:trojan-activity;sid:83934314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071201)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071201/; classtype:trojan-activity;sid:83934301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071202)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071202/; classtype:trojan-activity;sid:83934302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071203)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071203/; classtype:trojan-activity;sid:83934303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071204)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071204/; classtype:trojan-activity;sid:83934304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071205/; classtype:trojan-activity;sid:83934305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071206)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071206/; classtype:trojan-activity;sid:83934306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071207)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071207/; classtype:trojan-activity;sid:83934307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071209)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071209/; classtype:trojan-activity;sid:83934309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071195)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071195/; classtype:trojan-activity;sid:83934295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071196)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071196/; classtype:trojan-activity;sid:83934296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071197)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071197/; classtype:trojan-activity;sid:83934297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071198)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071198/; classtype:trojan-activity;sid:83934298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071199)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071199/; classtype:trojan-activity;sid:83934299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071200)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071200/; classtype:trojan-activity;sid:83934300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071190)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071190/; classtype:trojan-activity;sid:83934290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071191)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071191/; classtype:trojan-activity;sid:83934291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071192)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071192/; classtype:trojan-activity;sid:83934292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071193)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071193/; classtype:trojan-activity;sid:83934293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071194)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071194/; classtype:trojan-activity;sid:83934294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071178)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071178/; classtype:trojan-activity;sid:83934278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071179)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071179/; classtype:trojan-activity;sid:83934279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071180)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071180/; classtype:trojan-activity;sid:83934280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071181)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071181/; classtype:trojan-activity;sid:83934281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071182)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071182/; classtype:trojan-activity;sid:83934282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071183)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071183/; classtype:trojan-activity;sid:83934283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071184)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071184/; classtype:trojan-activity;sid:83934284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071185)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071185/; classtype:trojan-activity;sid:83934285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071186)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071186/; classtype:trojan-activity;sid:83934286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071189)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071189/; classtype:trojan-activity;sid:83934289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071172)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071172/; classtype:trojan-activity;sid:83934272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071173)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071173/; classtype:trojan-activity;sid:83934273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071175)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071175/; classtype:trojan-activity;sid:83934275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071176)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071176/; classtype:trojan-activity;sid:83934276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071177)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071177/; classtype:trojan-activity;sid:83934277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071165)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071165/; classtype:trojan-activity;sid:83934265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071166)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071166/; classtype:trojan-activity;sid:83934266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071167)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071167/; classtype:trojan-activity;sid:83934267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071168)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071168/; classtype:trojan-activity;sid:83934268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071169)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071169/; classtype:trojan-activity;sid:83934269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071170)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071170/; classtype:trojan-activity;sid:83934270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071171)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071171/; classtype:trojan-activity;sid:83934271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071155)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071155/; classtype:trojan-activity;sid:83934255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071156)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071156/; classtype:trojan-activity;sid:83934256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071157)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071157/; classtype:trojan-activity;sid:83934257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071158)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071158/; classtype:trojan-activity;sid:83934258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071159)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071159/; classtype:trojan-activity;sid:83934259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071160)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071160/; classtype:trojan-activity;sid:83934260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071161)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071161/; classtype:trojan-activity;sid:83934261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071162)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071162/; classtype:trojan-activity;sid:83934262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071163)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071163/; classtype:trojan-activity;sid:83934263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071164)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071164/; classtype:trojan-activity;sid:83934264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071151)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071151/; classtype:trojan-activity;sid:83934251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071152)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071152/; classtype:trojan-activity;sid:83934252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071153)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071153/; classtype:trojan-activity;sid:83934253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071154)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071154/; classtype:trojan-activity;sid:83934254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071143)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071143/; classtype:trojan-activity;sid:83934243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071144)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071144/; classtype:trojan-activity;sid:83934244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071145)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071145/; classtype:trojan-activity;sid:83934245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071146)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071146/; classtype:trojan-activity;sid:83934246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071147)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071147/; classtype:trojan-activity;sid:83934247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071148)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071148/; classtype:trojan-activity;sid:83934248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071149)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071149/; classtype:trojan-activity;sid:83934249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071150)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071150/; classtype:trojan-activity;sid:83934250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071133)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071133/; classtype:trojan-activity;sid:83934233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071134)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071134/; classtype:trojan-activity;sid:83934234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071135)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071135/; classtype:trojan-activity;sid:83934235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071136)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071136/; classtype:trojan-activity;sid:83934236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071137)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071137/; classtype:trojan-activity;sid:83934237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071138)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071138/; classtype:trojan-activity;sid:83934238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071139)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071139/; classtype:trojan-activity;sid:83934239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071140)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071140/; classtype:trojan-activity;sid:83934240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071141)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071141/; classtype:trojan-activity;sid:83934241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071142)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071142/; classtype:trojan-activity;sid:83934242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071130)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071130/; classtype:trojan-activity;sid:83934230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071131)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071131/; classtype:trojan-activity;sid:83934231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071132)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071132/; classtype:trojan-activity;sid:83934232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071126)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071126/; classtype:trojan-activity;sid:83934226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071127)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071127/; classtype:trojan-activity;sid:83934227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071128)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071128/; classtype:trojan-activity;sid:83934228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071129)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071129/; classtype:trojan-activity;sid:83934229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071123)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071123/; classtype:trojan-activity;sid:83934223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071124)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071124/; classtype:trojan-activity;sid:83934224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071125)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071125/; classtype:trojan-activity;sid:83934225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071120)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071120/; classtype:trojan-activity;sid:83934220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071121)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071121/; classtype:trojan-activity;sid:83934221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071122)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071122/; classtype:trojan-activity;sid:83934222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071118)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071118/; classtype:trojan-activity;sid:83934218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071119)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071119/; classtype:trojan-activity;sid:83934219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071113)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071113/; classtype:trojan-activity;sid:83934213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071114)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071114/; classtype:trojan-activity;sid:83934214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071115)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071115/; classtype:trojan-activity;sid:83934215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071116)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071116/; classtype:trojan-activity;sid:83934216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071117)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071117/; classtype:trojan-activity;sid:83934217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071106)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071106/; classtype:trojan-activity;sid:83934206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071107)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071107/; classtype:trojan-activity;sid:83934207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071108)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071108/; classtype:trojan-activity;sid:83934208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071109)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071109/; classtype:trojan-activity;sid:83934209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071110)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071110/; classtype:trojan-activity;sid:83934210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071111)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071111/; classtype:trojan-activity;sid:83934211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071112)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071112/; classtype:trojan-activity;sid:83934212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071099)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071099/; classtype:trojan-activity;sid:83934199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071100)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071100/; classtype:trojan-activity;sid:83934200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071101)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071101/; classtype:trojan-activity;sid:83934201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071102)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071102/; classtype:trojan-activity;sid:83934202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071103)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071103/; classtype:trojan-activity;sid:83934203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071104)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071104/; classtype:trojan-activity;sid:83934204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071105)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071105/; classtype:trojan-activity;sid:83934205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071094)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071094/; classtype:trojan-activity;sid:83934194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071096)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071096/; classtype:trojan-activity;sid:83934196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071097)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071097/; classtype:trojan-activity;sid:83934197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071098)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071098/; classtype:trojan-activity;sid:83934198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071090)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071090/; classtype:trojan-activity;sid:83934190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071091)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071091/; classtype:trojan-activity;sid:83934191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071092)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071092/; classtype:trojan-activity;sid:83934192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071093)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071093/; classtype:trojan-activity;sid:83934193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071087)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071087/; classtype:trojan-activity;sid:83934187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071088)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071088/; classtype:trojan-activity;sid:83934188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071089)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071089/; classtype:trojan-activity;sid:83934189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071083)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071083/; classtype:trojan-activity;sid:83934183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071084)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071084/; classtype:trojan-activity;sid:83934184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071085)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071085/; classtype:trojan-activity;sid:83934185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071086)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071086/; classtype:trojan-activity;sid:83934186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071079)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071079/; classtype:trojan-activity;sid:83934179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071081)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071081/; classtype:trojan-activity;sid:83934181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071082)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071082/; classtype:trojan-activity;sid:83934182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071071)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071071/; classtype:trojan-activity;sid:83934171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071072)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071072/; classtype:trojan-activity;sid:83934172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071074)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071074/; classtype:trojan-activity;sid:83934174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071075)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071075/; classtype:trojan-activity;sid:83934175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071076)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071076/; classtype:trojan-activity;sid:83934176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071077)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071077/; classtype:trojan-activity;sid:83934177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071078)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071078/; classtype:trojan-activity;sid:83934178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071067)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071067/; classtype:trojan-activity;sid:83934167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071068)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071068/; classtype:trojan-activity;sid:83934168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071069)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071069/; classtype:trojan-activity;sid:83934169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071070)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071070/; classtype:trojan-activity;sid:83934170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071064)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071064/; classtype:trojan-activity;sid:83934164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071065)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071065/; classtype:trojan-activity;sid:83934165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071066)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071066/; classtype:trojan-activity;sid:83934166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071056)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071056/; classtype:trojan-activity;sid:83934156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071057)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071057/; classtype:trojan-activity;sid:83934157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071058)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071058/; classtype:trojan-activity;sid:83934158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071059)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071059/; classtype:trojan-activity;sid:83934159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071060)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071060/; classtype:trojan-activity;sid:83934160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071061)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071061/; classtype:trojan-activity;sid:83934161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071062)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071062/; classtype:trojan-activity;sid:83934162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071063)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071063/; classtype:trojan-activity;sid:83934163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071048)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071048/; classtype:trojan-activity;sid:83934148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071050)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071050/; classtype:trojan-activity;sid:83934150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071051)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071051/; classtype:trojan-activity;sid:83934151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071052)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071052/; classtype:trojan-activity;sid:83934152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071053)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071053/; classtype:trojan-activity;sid:83934153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071054)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071054/; classtype:trojan-activity;sid:83934154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071039)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071039/; classtype:trojan-activity;sid:83934139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071040)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071040/; classtype:trojan-activity;sid:83934140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071041)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071041/; classtype:trojan-activity;sid:83934141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071042)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071042/; classtype:trojan-activity;sid:83934142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071043)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071043/; classtype:trojan-activity;sid:83934143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071044)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071044/; classtype:trojan-activity;sid:83934144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071045)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071045/; classtype:trojan-activity;sid:83934145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071046)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071046/; classtype:trojan-activity;sid:83934146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071047)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071047/; classtype:trojan-activity;sid:83934147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071032)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071032/; classtype:trojan-activity;sid:83934132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071033)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071033/; classtype:trojan-activity;sid:83934133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071034)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071034/; classtype:trojan-activity;sid:83934134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071035)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071035/; classtype:trojan-activity;sid:83934135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071036)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071036/; classtype:trojan-activity;sid:83934136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071037)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071037/; classtype:trojan-activity;sid:83934137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071038)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071038/; classtype:trojan-activity;sid:83934138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071022)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071022/; classtype:trojan-activity;sid:83934122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071023)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071023/; classtype:trojan-activity;sid:83934123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071024)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071024/; classtype:trojan-activity;sid:83934124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071025)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071025/; classtype:trojan-activity;sid:83934125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071026)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071026/; classtype:trojan-activity;sid:83934126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071027)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071027/; classtype:trojan-activity;sid:83934127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071028)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071028/; classtype:trojan-activity;sid:83934128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071029)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071029/; classtype:trojan-activity;sid:83934129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071030)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071030/; classtype:trojan-activity;sid:83934130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071031)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071031/; classtype:trojan-activity;sid:83934131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071018)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071018/; classtype:trojan-activity;sid:83934118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071019)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071019/; classtype:trojan-activity;sid:83934119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071020)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071020/; classtype:trojan-activity;sid:83934120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071021)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071021/; classtype:trojan-activity;sid:83934121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071015)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071015/; classtype:trojan-activity;sid:83934115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071016)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071016/; classtype:trojan-activity;sid:83934116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071017)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071017/; classtype:trojan-activity;sid:83934117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071012)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071012/; classtype:trojan-activity;sid:83934112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071013)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071013/; classtype:trojan-activity;sid:83934113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071003)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071003/; classtype:trojan-activity;sid:83934103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071004)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071004/; classtype:trojan-activity;sid:83934104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071005)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071005/; classtype:trojan-activity;sid:83934105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071006)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071006/; classtype:trojan-activity;sid:83934106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071007)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071007/; classtype:trojan-activity;sid:83934107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071008)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071008/; classtype:trojan-activity;sid:83934108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071009)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071009/; classtype:trojan-activity;sid:83934109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071010)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071010/; classtype:trojan-activity;sid:83934110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071011)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071011/; classtype:trojan-activity;sid:83934111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070995)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070995/; classtype:trojan-activity;sid:83934095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070996)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070996/; classtype:trojan-activity;sid:83934096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070997)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070997/; classtype:trojan-activity;sid:83934097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070998)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070998/; classtype:trojan-activity;sid:83934098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070999)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070999/; classtype:trojan-activity;sid:83934099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071000)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071000/; classtype:trojan-activity;sid:83934100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071001)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071001/; classtype:trojan-activity;sid:83934101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071002)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071002/; classtype:trojan-activity;sid:83934102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070986)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070986/; classtype:trojan-activity;sid:83934086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070987)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070987/; classtype:trojan-activity;sid:83934087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070988)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070988/; classtype:trojan-activity;sid:83934088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070989)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070989/; classtype:trojan-activity;sid:83934089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070990)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070990/; classtype:trojan-activity;sid:83934090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070991)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070991/; classtype:trojan-activity;sid:83934091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070992)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070992/; classtype:trojan-activity;sid:83934092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070993)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070993/; classtype:trojan-activity;sid:83934093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070994)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070994/; classtype:trojan-activity;sid:83934094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070978)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070978/; classtype:trojan-activity;sid:83934078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070979)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070979/; classtype:trojan-activity;sid:83934079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070980)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070980/; classtype:trojan-activity;sid:83934080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070981)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070981/; classtype:trojan-activity;sid:83934081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070984)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070984/; classtype:trojan-activity;sid:83934084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070985)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070985/; classtype:trojan-activity;sid:83934085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070976)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070976/; classtype:trojan-activity;sid:83934076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070977)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070977/; classtype:trojan-activity;sid:83934077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070968)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070968/; classtype:trojan-activity;sid:83934068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070969)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070969/; classtype:trojan-activity;sid:83934069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070970)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070970/; classtype:trojan-activity;sid:83934070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070971)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070971/; classtype:trojan-activity;sid:83934071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070972)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070972/; classtype:trojan-activity;sid:83934072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070973)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070973/; classtype:trojan-activity;sid:83934073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070974)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070974/; classtype:trojan-activity;sid:83934074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070975)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070975/; classtype:trojan-activity;sid:83934075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070959)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070959/; classtype:trojan-activity;sid:83934059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070960)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070960/; classtype:trojan-activity;sid:83934060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070962)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070962/; classtype:trojan-activity;sid:83934062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070963)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070963/; classtype:trojan-activity;sid:83934063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070964)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070964/; classtype:trojan-activity;sid:83934064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070965)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070965/; classtype:trojan-activity;sid:83934065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070966)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070966/; classtype:trojan-activity;sid:83934066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070967)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070967/; classtype:trojan-activity;sid:83934067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.172.89.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070955/; classtype:trojan-activity;sid:83934055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070956)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070956/; classtype:trojan-activity;sid:83934056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070957)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070957/; classtype:trojan-activity;sid:83934057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070954)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070954/; classtype:trojan-activity;sid:83934054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070946)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070946/; classtype:trojan-activity;sid:83934046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070947)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070947/; classtype:trojan-activity;sid:83934047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070948)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070948/; classtype:trojan-activity;sid:83934048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070949)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070949/; classtype:trojan-activity;sid:83934049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070950)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070950/; classtype:trojan-activity;sid:83934050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070951)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070951/; classtype:trojan-activity;sid:83934051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070952)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070952/; classtype:trojan-activity;sid:83934052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070953)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070953/; classtype:trojan-activity;sid:83934053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070930)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070930/; classtype:trojan-activity;sid:83934030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070931)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070931/; classtype:trojan-activity;sid:83934031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070932)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070932/; classtype:trojan-activity;sid:83934032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070933)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070933/; classtype:trojan-activity;sid:83934033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070934)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070934/; classtype:trojan-activity;sid:83934034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070935)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070935/; classtype:trojan-activity;sid:83934035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070936)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070936/; classtype:trojan-activity;sid:83934036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070937)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070937/; classtype:trojan-activity;sid:83934037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070938)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070938/; classtype:trojan-activity;sid:83934038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070939)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070939/; classtype:trojan-activity;sid:83934039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070940)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070940/; classtype:trojan-activity;sid:83934040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070941)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070941/; classtype:trojan-activity;sid:83934041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070942)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070942/; classtype:trojan-activity;sid:83934042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070943)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070943/; classtype:trojan-activity;sid:83934043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070944)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070944/; classtype:trojan-activity;sid:83934044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070945)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070945/; classtype:trojan-activity;sid:83934045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070925)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070925/; classtype:trojan-activity;sid:83934025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070926)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070926/; classtype:trojan-activity;sid:83934026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070927)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070927/; classtype:trojan-activity;sid:83934027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070928)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070928/; classtype:trojan-activity;sid:83934028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070929)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070929/; classtype:trojan-activity;sid:83934029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070924)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070924/; classtype:trojan-activity;sid:83934024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070922)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070922/; classtype:trojan-activity;sid:83934022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070923)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070923/; classtype:trojan-activity;sid:83934023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070919)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070919/; classtype:trojan-activity;sid:83934019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070920)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070920/; classtype:trojan-activity;sid:83934020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070921)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070921/; classtype:trojan-activity;sid:83934021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070913)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070913/; classtype:trojan-activity;sid:83934013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070914)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070914/; classtype:trojan-activity;sid:83934014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070915)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070915/; classtype:trojan-activity;sid:83934015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070916)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070916/; classtype:trojan-activity;sid:83934016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070917)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070917/; classtype:trojan-activity;sid:83934017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070918)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070918/; classtype:trojan-activity;sid:83934018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070903)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070903/; classtype:trojan-activity;sid:83934003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070904)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070904/; classtype:trojan-activity;sid:83934004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070905)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070905/; classtype:trojan-activity;sid:83934005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070906)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070906/; classtype:trojan-activity;sid:83934006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070907)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070907/; classtype:trojan-activity;sid:83934007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070908)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070908/; classtype:trojan-activity;sid:83934008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070909)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070909/; classtype:trojan-activity;sid:83934009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070910)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070910/; classtype:trojan-activity;sid:83934010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070911)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070911/; classtype:trojan-activity;sid:83934011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070912)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070912/; classtype:trojan-activity;sid:83934012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070894)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070894/; classtype:trojan-activity;sid:83933994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070895)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070895/; classtype:trojan-activity;sid:83933995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070896)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070896/; classtype:trojan-activity;sid:83933996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070897)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070897/; classtype:trojan-activity;sid:83933997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070898)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070898/; classtype:trojan-activity;sid:83933998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070899)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070899/; classtype:trojan-activity;sid:83933999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070900)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070900/; classtype:trojan-activity;sid:83934000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070901)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070901/; classtype:trojan-activity;sid:83934001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070902)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070902/; classtype:trojan-activity;sid:83934002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070888)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070888/; classtype:trojan-activity;sid:83933988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070889)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070889/; classtype:trojan-activity;sid:83933989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070890)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070890/; classtype:trojan-activity;sid:83933990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070891)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070891/; classtype:trojan-activity;sid:83933991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070892)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070892/; classtype:trojan-activity;sid:83933992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070893)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070893/; classtype:trojan-activity;sid:83933993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070886)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070886/; classtype:trojan-activity;sid:83933986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070887)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070887/; classtype:trojan-activity;sid:83933987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070885)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070885/; classtype:trojan-activity;sid:83933985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070884)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070884/; classtype:trojan-activity;sid:83933984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070882)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070882/; classtype:trojan-activity;sid:83933982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070883)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070883/; classtype:trojan-activity;sid:83933983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070881)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070881/; classtype:trojan-activity;sid:83933981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070878)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070878/; classtype:trojan-activity;sid:83933978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070879)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070879/; classtype:trojan-activity;sid:83933979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070880)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070880/; classtype:trojan-activity;sid:83933980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070871)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070871/; classtype:trojan-activity;sid:83933971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070872)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070872/; classtype:trojan-activity;sid:83933972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070873)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070873/; classtype:trojan-activity;sid:83933973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070874)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070874/; classtype:trojan-activity;sid:83933974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070875)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070875/; classtype:trojan-activity;sid:83933975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070876)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070876/; classtype:trojan-activity;sid:83933976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070877)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070877/; classtype:trojan-activity;sid:83933977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070868)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070868/; classtype:trojan-activity;sid:83933968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070869)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070869/; classtype:trojan-activity;sid:83933969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070870)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070870/; classtype:trojan-activity;sid:83933970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070866)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070866/; classtype:trojan-activity;sid:83933966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070867)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070867/; classtype:trojan-activity;sid:83933967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070860)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070860/; classtype:trojan-activity;sid:83933960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070861)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070861/; classtype:trojan-activity;sid:83933961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070862)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070862/; classtype:trojan-activity;sid:83933962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070863)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070863/; classtype:trojan-activity;sid:83933963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070864)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070864/; classtype:trojan-activity;sid:83933964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070865)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070865/; classtype:trojan-activity;sid:83933965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070853)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070853/; classtype:trojan-activity;sid:83933953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070854)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070854/; classtype:trojan-activity;sid:83933954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070855)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070855/; classtype:trojan-activity;sid:83933955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070856/; classtype:trojan-activity;sid:83933956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070857)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070857/; classtype:trojan-activity;sid:83933957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070858)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070858/; classtype:trojan-activity;sid:83933958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070859)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070859/; classtype:trojan-activity;sid:83933959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070850)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070850/; classtype:trojan-activity;sid:83933950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070851)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070851/; classtype:trojan-activity;sid:83933951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070852)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070852/; classtype:trojan-activity;sid:83933952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070848)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070848/; classtype:trojan-activity;sid:83933948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070849)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070849/; classtype:trojan-activity;sid:83933949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070846)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070846/; classtype:trojan-activity;sid:83933946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070847)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070847/; classtype:trojan-activity;sid:83933947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070844)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070844/; classtype:trojan-activity;sid:83933944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070845)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070845/; classtype:trojan-activity;sid:83933945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070838)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070838/; classtype:trojan-activity;sid:83933938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070839)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070839/; classtype:trojan-activity;sid:83933939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070840)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070840/; classtype:trojan-activity;sid:83933940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070841)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070841/; classtype:trojan-activity;sid:83933941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070842)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070842/; classtype:trojan-activity;sid:83933942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070843)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070843/; classtype:trojan-activity;sid:83933943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070828)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070828/; classtype:trojan-activity;sid:83933928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070829)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070829/; classtype:trojan-activity;sid:83933929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070830)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070830/; classtype:trojan-activity;sid:83933930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070831)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070831/; classtype:trojan-activity;sid:83933931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070832)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070832/; classtype:trojan-activity;sid:83933932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070833)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070833/; classtype:trojan-activity;sid:83933933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070834)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070834/; classtype:trojan-activity;sid:83933934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070835)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070835/; classtype:trojan-activity;sid:83933935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070836)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070836/; classtype:trojan-activity;sid:83933936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070837)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070837/; classtype:trojan-activity;sid:83933937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070823)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070823/; classtype:trojan-activity;sid:83933923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070824)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070824/; classtype:trojan-activity;sid:83933924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070825)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070825/; classtype:trojan-activity;sid:83933925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070826)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070826/; classtype:trojan-activity;sid:83933926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070827)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070827/; classtype:trojan-activity;sid:83933927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070820)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070820/; classtype:trojan-activity;sid:83933920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070821)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070821/; classtype:trojan-activity;sid:83933921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070822)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070822/; classtype:trojan-activity;sid:83933922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070816)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070816/; classtype:trojan-activity;sid:83933916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070817)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070817/; classtype:trojan-activity;sid:83933917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070818)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070818/; classtype:trojan-activity;sid:83933918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070819)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070819/; classtype:trojan-activity;sid:83933919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070811)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070811/; classtype:trojan-activity;sid:83933911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070812)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070812/; classtype:trojan-activity;sid:83933912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070813)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070813/; classtype:trojan-activity;sid:83933913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070814)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070814/; classtype:trojan-activity;sid:83933914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070815)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070815/; classtype:trojan-activity;sid:83933915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070808)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070808/; classtype:trojan-activity;sid:83933908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070809)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070809/; classtype:trojan-activity;sid:83933909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070810)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070810/; classtype:trojan-activity;sid:83933910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070807)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070807/; classtype:trojan-activity;sid:83933907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070802)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070802/; classtype:trojan-activity;sid:83933902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070803)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070803/; classtype:trojan-activity;sid:83933903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070804)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070804/; classtype:trojan-activity;sid:83933904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070805)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070805/; classtype:trojan-activity;sid:83933905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070806)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070806/; classtype:trojan-activity;sid:83933906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070792)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070792/; classtype:trojan-activity;sid:83933892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070793)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070793/; classtype:trojan-activity;sid:83933893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070794)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070794/; classtype:trojan-activity;sid:83933894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070795)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070795/; classtype:trojan-activity;sid:83933895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070796)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070796/; classtype:trojan-activity;sid:83933896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070797)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070797/; classtype:trojan-activity;sid:83933897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070798)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070798/; classtype:trojan-activity;sid:83933898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070799)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070799/; classtype:trojan-activity;sid:83933899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070800)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070800/; classtype:trojan-activity;sid:83933900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070801)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070801/; classtype:trojan-activity;sid:83933901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070782)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070782/; classtype:trojan-activity;sid:83933882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070783)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070783/; classtype:trojan-activity;sid:83933883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070784)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070784/; classtype:trojan-activity;sid:83933884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070785)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070785/; classtype:trojan-activity;sid:83933885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070786)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070786/; classtype:trojan-activity;sid:83933886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070787)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070787/; classtype:trojan-activity;sid:83933887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070788)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070788/; classtype:trojan-activity;sid:83933888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070789)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070789/; classtype:trojan-activity;sid:83933889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070790)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070790/; classtype:trojan-activity;sid:83933890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070791)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070791/; classtype:trojan-activity;sid:83933891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070778)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070778/; classtype:trojan-activity;sid:83933878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070779)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070779/; classtype:trojan-activity;sid:83933879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070780/; classtype:trojan-activity;sid:83933880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070781)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070781/; classtype:trojan-activity;sid:83933881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070777)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070777/; classtype:trojan-activity;sid:83933877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070773)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070773/; classtype:trojan-activity;sid:83933873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070774)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070774/; classtype:trojan-activity;sid:83933874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070775)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070775/; classtype:trojan-activity;sid:83933875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070776)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070776/; classtype:trojan-activity;sid:83933876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070772)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070772/; classtype:trojan-activity;sid:83933872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070771)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070771/; classtype:trojan-activity;sid:83933871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070770)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070770/; classtype:trojan-activity;sid:83933870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070768)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070768/; classtype:trojan-activity;sid:83933868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070769)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070769/; classtype:trojan-activity;sid:83933869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070765)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070765/; classtype:trojan-activity;sid:83933865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070766)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070766/; classtype:trojan-activity;sid:83933866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070767)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070767/; classtype:trojan-activity;sid:83933867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070762)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070762/; classtype:trojan-activity;sid:83933862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070763)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070763/; classtype:trojan-activity;sid:83933863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070764)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070764/; classtype:trojan-activity;sid:83933864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070757)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070757/; classtype:trojan-activity;sid:83933857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070758)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070758/; classtype:trojan-activity;sid:83933858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070759)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070759/; classtype:trojan-activity;sid:83933859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070760)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070760/; classtype:trojan-activity;sid:83933860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070761)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070761/; classtype:trojan-activity;sid:83933861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070746)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070746/; classtype:trojan-activity;sid:83933846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070747)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070747/; classtype:trojan-activity;sid:83933847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070748)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070748/; classtype:trojan-activity;sid:83933848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070749)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070749/; classtype:trojan-activity;sid:83933849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070750)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070750/; classtype:trojan-activity;sid:83933850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070751)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070751/; classtype:trojan-activity;sid:83933851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070752)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070752/; classtype:trojan-activity;sid:83933852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070753)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070753/; classtype:trojan-activity;sid:83933853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070754)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070754/; classtype:trojan-activity;sid:83933854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070755)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070755/; classtype:trojan-activity;sid:83933855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070756)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070756/; classtype:trojan-activity;sid:83933856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070742)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070742/; classtype:trojan-activity;sid:83933842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070743)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070743/; classtype:trojan-activity;sid:83933843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070744)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070744/; classtype:trojan-activity;sid:83933844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070745)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070745/; classtype:trojan-activity;sid:83933845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070735)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070735/; classtype:trojan-activity;sid:83933835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070736)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070736/; classtype:trojan-activity;sid:83933836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070737)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070737/; classtype:trojan-activity;sid:83933837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070738)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070738/; classtype:trojan-activity;sid:83933838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070739)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070739/; classtype:trojan-activity;sid:83933839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070740)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070740/; classtype:trojan-activity;sid:83933840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070741)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070741/; classtype:trojan-activity;sid:83933841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070732)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070732/; classtype:trojan-activity;sid:83933832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070733)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070733/; classtype:trojan-activity;sid:83933833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070734)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070734/; classtype:trojan-activity;sid:83933834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070731)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070731/; classtype:trojan-activity;sid:83933831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070727)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070727/; classtype:trojan-activity;sid:83933827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070728)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070728/; classtype:trojan-activity;sid:83933828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070729)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070729/; classtype:trojan-activity;sid:83933829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070730)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070730/; classtype:trojan-activity;sid:83933830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070723)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070723/; classtype:trojan-activity;sid:83933823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070724)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070724/; classtype:trojan-activity;sid:83933824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070725)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070725/; classtype:trojan-activity;sid:83933825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070726)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070726/; classtype:trojan-activity;sid:83933826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070722)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070722/; classtype:trojan-activity;sid:83933822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070718)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070718/; classtype:trojan-activity;sid:83933818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070719)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070719/; classtype:trojan-activity;sid:83933819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070720)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070720/; classtype:trojan-activity;sid:83933820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070721)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070721/; classtype:trojan-activity;sid:83933821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070714)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070714/; classtype:trojan-activity;sid:83933814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070715)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070715/; classtype:trojan-activity;sid:83933815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070716)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070716/; classtype:trojan-activity;sid:83933816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070717)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070717/; classtype:trojan-activity;sid:83933817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070708)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070708/; classtype:trojan-activity;sid:83933808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070709)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070709/; classtype:trojan-activity;sid:83933809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070710)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070710/; classtype:trojan-activity;sid:83933810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070711)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070711/; classtype:trojan-activity;sid:83933811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070712)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070712/; classtype:trojan-activity;sid:83933812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070713)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070713/; classtype:trojan-activity;sid:83933813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070702)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070702/; classtype:trojan-activity;sid:83933802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070703)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070703/; classtype:trojan-activity;sid:83933803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070704)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070704/; classtype:trojan-activity;sid:83933804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070705)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070705/; classtype:trojan-activity;sid:83933805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070706)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070706/; classtype:trojan-activity;sid:83933806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070707)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070707/; classtype:trojan-activity;sid:83933807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070697)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070697/; classtype:trojan-activity;sid:83933797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070698)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070698/; classtype:trojan-activity;sid:83933798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070699)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070699/; classtype:trojan-activity;sid:83933799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070700)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070700/; classtype:trojan-activity;sid:83933800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070701)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070701/; classtype:trojan-activity;sid:83933801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070694)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070694/; classtype:trojan-activity;sid:83933794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070695)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070695/; classtype:trojan-activity;sid:83933795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070696)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070696/; classtype:trojan-activity;sid:83933796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070692)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070692/; classtype:trojan-activity;sid:83933792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070693)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070693/; classtype:trojan-activity;sid:83933793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070686)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070686/; classtype:trojan-activity;sid:83933786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070687)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070687/; classtype:trojan-activity;sid:83933787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070688)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070688/; classtype:trojan-activity;sid:83933788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070689)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070689/; classtype:trojan-activity;sid:83933789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070690)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070690/; classtype:trojan-activity;sid:83933790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070691)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070691/; classtype:trojan-activity;sid:83933791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070677)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070677/; classtype:trojan-activity;sid:83933777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070678)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070678/; classtype:trojan-activity;sid:83933778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070679)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070679/; classtype:trojan-activity;sid:83933779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070680)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070680/; classtype:trojan-activity;sid:83933780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070681)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070681/; classtype:trojan-activity;sid:83933781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070682)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070682/; classtype:trojan-activity;sid:83933782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070683)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070683/; classtype:trojan-activity;sid:83933783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070684)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070684/; classtype:trojan-activity;sid:83933784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070685)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070685/; classtype:trojan-activity;sid:83933785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070670)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070670/; classtype:trojan-activity;sid:83933770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070671)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070671/; classtype:trojan-activity;sid:83933771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070672)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070672/; classtype:trojan-activity;sid:83933772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070673)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070673/; classtype:trojan-activity;sid:83933773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070674)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070674/; classtype:trojan-activity;sid:83933774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070675)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070675/; classtype:trojan-activity;sid:83933775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070676)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070676/; classtype:trojan-activity;sid:83933776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070668)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070668/; classtype:trojan-activity;sid:83933768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070669)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070669/; classtype:trojan-activity;sid:83933769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070667)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070667/; classtype:trojan-activity;sid:83933767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070663)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070663/; classtype:trojan-activity;sid:83933763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070664)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070664/; classtype:trojan-activity;sid:83933764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070665)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070665/; classtype:trojan-activity;sid:83933765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070666)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070666/; classtype:trojan-activity;sid:83933766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070657)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070657/; classtype:trojan-activity;sid:83933757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070658)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070658/; classtype:trojan-activity;sid:83933758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070659)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070659/; classtype:trojan-activity;sid:83933759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070660)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070660/; classtype:trojan-activity;sid:83933760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070661)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070661/; classtype:trojan-activity;sid:83933761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070662)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070662/; classtype:trojan-activity;sid:83933762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070646)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070646/; classtype:trojan-activity;sid:83933746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070647)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070647/; classtype:trojan-activity;sid:83933747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070648)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070648/; classtype:trojan-activity;sid:83933748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070649)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070649/; classtype:trojan-activity;sid:83933749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070650)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070650/; classtype:trojan-activity;sid:83933750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070651)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070651/; classtype:trojan-activity;sid:83933751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070652)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070652/; classtype:trojan-activity;sid:83933752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070653)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070653/; classtype:trojan-activity;sid:83933753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070654)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070654/; classtype:trojan-activity;sid:83933754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070655)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070655/; classtype:trojan-activity;sid:83933755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070656)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070656/; classtype:trojan-activity;sid:83933756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070645)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070645/; classtype:trojan-activity;sid:83933745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070633)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070633/; classtype:trojan-activity;sid:83933733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070634)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070634/; classtype:trojan-activity;sid:83933734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070635)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070635/; classtype:trojan-activity;sid:83933735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070636)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070636/; classtype:trojan-activity;sid:83933736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070637)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070637/; classtype:trojan-activity;sid:83933737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070638)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070638/; classtype:trojan-activity;sid:83933738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070639)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070639/; classtype:trojan-activity;sid:83933739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070640)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070640/; classtype:trojan-activity;sid:83933740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070641)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070641/; classtype:trojan-activity;sid:83933741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070642)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070642/; classtype:trojan-activity;sid:83933742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070643)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070643/; classtype:trojan-activity;sid:83933743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070644)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070644/; classtype:trojan-activity;sid:83933744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070626)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070626/; classtype:trojan-activity;sid:83933726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070627)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070627/; classtype:trojan-activity;sid:83933727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070628)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070628/; classtype:trojan-activity;sid:83933728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070629)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070629/; classtype:trojan-activity;sid:83933729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070630)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070630/; classtype:trojan-activity;sid:83933730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070631)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070631/; classtype:trojan-activity;sid:83933731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070632)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070632/; classtype:trojan-activity;sid:83933732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070623)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070623/; classtype:trojan-activity;sid:83933723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070624)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070624/; classtype:trojan-activity;sid:83933724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070625)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070625/; classtype:trojan-activity;sid:83933725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070618)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070618/; classtype:trojan-activity;sid:83933718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070619)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070619/; classtype:trojan-activity;sid:83933719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070620)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070620/; classtype:trojan-activity;sid:83933720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070621)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070621/; classtype:trojan-activity;sid:83933721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070622)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070622/; classtype:trojan-activity;sid:83933722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070611)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070611/; classtype:trojan-activity;sid:83933711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070612)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070612/; classtype:trojan-activity;sid:83933712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070613)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070613/; classtype:trojan-activity;sid:83933713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070614)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070614/; classtype:trojan-activity;sid:83933714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070615)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070615/; classtype:trojan-activity;sid:83933715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070616)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070616/; classtype:trojan-activity;sid:83933716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070617)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070617/; classtype:trojan-activity;sid:83933717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070599)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070599/; classtype:trojan-activity;sid:83933699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070600)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070600/; classtype:trojan-activity;sid:83933700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070601)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070601/; classtype:trojan-activity;sid:83933701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070602)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070602/; classtype:trojan-activity;sid:83933702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070603)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070603/; classtype:trojan-activity;sid:83933703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070604)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070604/; classtype:trojan-activity;sid:83933704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070605)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070605/; classtype:trojan-activity;sid:83933705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070606)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070606/; classtype:trojan-activity;sid:83933706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070607)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070607/; classtype:trojan-activity;sid:83933707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070608)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070608/; classtype:trojan-activity;sid:83933708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070609)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070609/; classtype:trojan-activity;sid:83933709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070610)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070610/; classtype:trojan-activity;sid:83933710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070589)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070589/; classtype:trojan-activity;sid:83933689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070590)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070590/; classtype:trojan-activity;sid:83933690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070591)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070591/; classtype:trojan-activity;sid:83933691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070592)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070592/; classtype:trojan-activity;sid:83933692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070593)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070593/; classtype:trojan-activity;sid:83933693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070594)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070594/; classtype:trojan-activity;sid:83933694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070595)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070595/; classtype:trojan-activity;sid:83933695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070596)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070596/; classtype:trojan-activity;sid:83933696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070597)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070597/; classtype:trojan-activity;sid:83933697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070598)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070598/; classtype:trojan-activity;sid:83933698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070587)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070587/; classtype:trojan-activity;sid:83933687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070588)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070588/; classtype:trojan-activity;sid:83933688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070583)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070583/; classtype:trojan-activity;sid:83933683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070584)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070584/; classtype:trojan-activity;sid:83933684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070585)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070585/; classtype:trojan-activity;sid:83933685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070586)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070586/; classtype:trojan-activity;sid:83933686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070581)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070581/; classtype:trojan-activity;sid:83933681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070582)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070582/; classtype:trojan-activity;sid:83933682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070578)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070578/; classtype:trojan-activity;sid:83933678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070579)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070579/; classtype:trojan-activity;sid:83933679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070580)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070580/; classtype:trojan-activity;sid:83933680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070572)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070572/; classtype:trojan-activity;sid:83933672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070573)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070573/; classtype:trojan-activity;sid:83933673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070574)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070574/; classtype:trojan-activity;sid:83933674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070575)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070575/; classtype:trojan-activity;sid:83933675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070576)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070576/; classtype:trojan-activity;sid:83933676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070577)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070577/; classtype:trojan-activity;sid:83933677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070564)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070564/; classtype:trojan-activity;sid:83933664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070565)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070565/; classtype:trojan-activity;sid:83933665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070566)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070566/; classtype:trojan-activity;sid:83933666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070567)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070567/; classtype:trojan-activity;sid:83933667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070568)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070568/; classtype:trojan-activity;sid:83933668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070569)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070569/; classtype:trojan-activity;sid:83933669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070570)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070570/; classtype:trojan-activity;sid:83933670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070571)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070571/; classtype:trojan-activity;sid:83933671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070559)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070559/; classtype:trojan-activity;sid:83933659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070560)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070560/; classtype:trojan-activity;sid:83933660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070561)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070561/; classtype:trojan-activity;sid:83933661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070562)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070562/; classtype:trojan-activity;sid:83933662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070563)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070563/; classtype:trojan-activity;sid:83933663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070553)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070553/; classtype:trojan-activity;sid:83933653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070554)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070554/; classtype:trojan-activity;sid:83933654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070555)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070555/; classtype:trojan-activity;sid:83933655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070556)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070556/; classtype:trojan-activity;sid:83933656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070557)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070557/; classtype:trojan-activity;sid:83933657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070558)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070558/; classtype:trojan-activity;sid:83933658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070547)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070547/; classtype:trojan-activity;sid:83933647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070548)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070548/; classtype:trojan-activity;sid:83933648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070549)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070549/; classtype:trojan-activity;sid:83933649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070550)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070550/; classtype:trojan-activity;sid:83933650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070551)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070551/; classtype:trojan-activity;sid:83933651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070552)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070552/; classtype:trojan-activity;sid:83933652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.2.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070546/; classtype:trojan-activity;sid:83933646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070545)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070545/; classtype:trojan-activity;sid:83933645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070542)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070542/; classtype:trojan-activity;sid:83933642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070543)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070543/; classtype:trojan-activity;sid:83933643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070544)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070544/; classtype:trojan-activity;sid:83933644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070538)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070538/; classtype:trojan-activity;sid:83933638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070539)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070539/; classtype:trojan-activity;sid:83933639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070540)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070540/; classtype:trojan-activity;sid:83933640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070541)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070541/; classtype:trojan-activity;sid:83933641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070531)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070531/; classtype:trojan-activity;sid:83933631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070532)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070532/; classtype:trojan-activity;sid:83933632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070533)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070533/; classtype:trojan-activity;sid:83933633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070534)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070534/; classtype:trojan-activity;sid:83933634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070535)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070535/; classtype:trojan-activity;sid:83933635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070536)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070536/; classtype:trojan-activity;sid:83933636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070537)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070537/; classtype:trojan-activity;sid:83933637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070516)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070516/; classtype:trojan-activity;sid:83933616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070517)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070517/; classtype:trojan-activity;sid:83933617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070518)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070518/; classtype:trojan-activity;sid:83933618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070519)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070519/; classtype:trojan-activity;sid:83933619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070520)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070520/; classtype:trojan-activity;sid:83933620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070521)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070521/; classtype:trojan-activity;sid:83933621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070522)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070522/; classtype:trojan-activity;sid:83933622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070523)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070523/; classtype:trojan-activity;sid:83933623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070524)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070524/; classtype:trojan-activity;sid:83933624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070525)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070525/; classtype:trojan-activity;sid:83933625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070526)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070526/; classtype:trojan-activity;sid:83933626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070527)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070527/; classtype:trojan-activity;sid:83933627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070528)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070528/; classtype:trojan-activity;sid:83933628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070529)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070529/; classtype:trojan-activity;sid:83933629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070530)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070530/; classtype:trojan-activity;sid:83933630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070514)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070514/; classtype:trojan-activity;sid:83933614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070515)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070515/; classtype:trojan-activity;sid:83933615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070511)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070511/; classtype:trojan-activity;sid:83933611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070512)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070512/; classtype:trojan-activity;sid:83933612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070513)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070513/; classtype:trojan-activity;sid:83933613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070510)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070510/; classtype:trojan-activity;sid:83933610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070504)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070504/; classtype:trojan-activity;sid:83933604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070505)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070505/; classtype:trojan-activity;sid:83933605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070506)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070506/; classtype:trojan-activity;sid:83933606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070507)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070507/; classtype:trojan-activity;sid:83933607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070508)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070508/; classtype:trojan-activity;sid:83933608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070509)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070509/; classtype:trojan-activity;sid:83933609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070500)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070500/; classtype:trojan-activity;sid:83933600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070501)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070501/; classtype:trojan-activity;sid:83933601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070502)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070502/; classtype:trojan-activity;sid:83933602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070503)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070503/; classtype:trojan-activity;sid:83933603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070496)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070496/; classtype:trojan-activity;sid:83933596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070497)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070497/; classtype:trojan-activity;sid:83933597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070498)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070498/; classtype:trojan-activity;sid:83933598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070499)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070499/; classtype:trojan-activity;sid:83933599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070483)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070483/; classtype:trojan-activity;sid:83933583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070484)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070484/; classtype:trojan-activity;sid:83933584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070485)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070485/; classtype:trojan-activity;sid:83933585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070486)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070486/; classtype:trojan-activity;sid:83933586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070487)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070487/; classtype:trojan-activity;sid:83933587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070488)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070488/; classtype:trojan-activity;sid:83933588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070489)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070489/; classtype:trojan-activity;sid:83933589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070490)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070490/; classtype:trojan-activity;sid:83933590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070491)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070491/; classtype:trojan-activity;sid:83933591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070492)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070492/; classtype:trojan-activity;sid:83933592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070493)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070493/; classtype:trojan-activity;sid:83933593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070494)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070494/; classtype:trojan-activity;sid:83933594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070495)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070495/; classtype:trojan-activity;sid:83933595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070478)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070478/; classtype:trojan-activity;sid:83933578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070479)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070479/; classtype:trojan-activity;sid:83933579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070480)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070480/; classtype:trojan-activity;sid:83933580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070481)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070481/; classtype:trojan-activity;sid:83933581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070482)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070482/; classtype:trojan-activity;sid:83933582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070473)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070473/; classtype:trojan-activity;sid:83933573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070474)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070474/; classtype:trojan-activity;sid:83933574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070475)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070475/; classtype:trojan-activity;sid:83933575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070476)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070476/; classtype:trojan-activity;sid:83933576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070477)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070477/; classtype:trojan-activity;sid:83933577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070466)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070466/; classtype:trojan-activity;sid:83933566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070467)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070467/; classtype:trojan-activity;sid:83933567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070468)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070468/; classtype:trojan-activity;sid:83933568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070469)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070469/; classtype:trojan-activity;sid:83933569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070470)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070470/; classtype:trojan-activity;sid:83933570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070471)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070471/; classtype:trojan-activity;sid:83933571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070472)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070472/; classtype:trojan-activity;sid:83933572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070461)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070461/; classtype:trojan-activity;sid:83933561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070462)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070462/; classtype:trojan-activity;sid:83933562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070463)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070463/; classtype:trojan-activity;sid:83933563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070464)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070464/; classtype:trojan-activity;sid:83933564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070465)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070465/; classtype:trojan-activity;sid:83933565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070459)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070459/; classtype:trojan-activity;sid:83933559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070460)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070460/; classtype:trojan-activity;sid:83933560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070450)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070450/; classtype:trojan-activity;sid:83933550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070451)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070451/; classtype:trojan-activity;sid:83933551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070452)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070452/; classtype:trojan-activity;sid:83933552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070453)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070453/; classtype:trojan-activity;sid:83933553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070454)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070454/; classtype:trojan-activity;sid:83933554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070455)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070455/; classtype:trojan-activity;sid:83933555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070456)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070456/; classtype:trojan-activity;sid:83933556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070457)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070457/; classtype:trojan-activity;sid:83933557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070458)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070458/; classtype:trojan-activity;sid:83933558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070439)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070439/; classtype:trojan-activity;sid:83933539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070440)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070440/; classtype:trojan-activity;sid:83933540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070441)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070441/; classtype:trojan-activity;sid:83933541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070442)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070442/; classtype:trojan-activity;sid:83933542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070443)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070443/; classtype:trojan-activity;sid:83933543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070444)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070444/; classtype:trojan-activity;sid:83933544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070445)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070445/; classtype:trojan-activity;sid:83933545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070446)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070446/; classtype:trojan-activity;sid:83933546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070447)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070447/; classtype:trojan-activity;sid:83933547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070448)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070448/; classtype:trojan-activity;sid:83933548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070449)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070449/; classtype:trojan-activity;sid:83933549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070436)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070436/; classtype:trojan-activity;sid:83933536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070437)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070437/; classtype:trojan-activity;sid:83933537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070438)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070438/; classtype:trojan-activity;sid:83933538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070435)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070435/; classtype:trojan-activity;sid:83933535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070433)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ujkujiiempp.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070433/; classtype:trojan-activity;sid:83933533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070434)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"1090ce78-a573-43df-908b-4bc549764a3a.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070434/; classtype:trojan-activity;sid:83933534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070415)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"226b8f14-a155-4dbb-88f2-b146941c2fc9.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070415/; classtype:trojan-activity;sid:83933515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070416)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"53e2e72e-92ec-45bd-b5bf-5230e35c1564.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070416/; classtype:trojan-activity;sid:83933516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070417)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070417/; classtype:trojan-activity;sid:83933517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070418)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"blog.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070418/; classtype:trojan-activity;sid:83933518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070419)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"community.tsrv1.ws"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070419/; classtype:trojan-activity;sid:83933519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070420)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yzcplsibdtq.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070420/; classtype:trojan-activity;sid:83933520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070421)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070421/; classtype:trojan-activity;sid:83933521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070422)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"support.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070422/; classtype:trojan-activity;sid:83933522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070423)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nstools.tsrv1.ws"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070423/; classtype:trojan-activity;sid:83933523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070424)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070424/; classtype:trojan-activity;sid:83933524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070425)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070425/; classtype:trojan-activity;sid:83933525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070426)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070426/; classtype:trojan-activity;sid:83933526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070427)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070427/; classtype:trojan-activity;sid:83933527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070428)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mail.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070428/; classtype:trojan-activity;sid:83933528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070429)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"450d4a71-458d-4d35-bd01-b075cdb0d900.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070429/; classtype:trojan-activity;sid:83933529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070430)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a012a656-f566-48a1-afad-3dcc46018380.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070430/; classtype:trojan-activity;sid:83933530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070431)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"b6bc745a-7b5c-4d56-ab6c-0dd2982cb122.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070431/; classtype:trojan-activity;sid:83933531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070432)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"docs.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070432/; classtype:trojan-activity;sid:83933532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070405)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d166ab3b-91ab-410f-a50d-c702fa55858d.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070405/; classtype:trojan-activity;sid:83933505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070406)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5913942c-0d07-4809-a743-1db0a1076c8f.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070406/; classtype:trojan-activity;sid:83933506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070407)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cpanel.tsrv1.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070407/; classtype:trojan-activity;sid:83933507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070408)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"de91e0c0-23c2-457f-9d5d-21e0ce13ac57.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070408/; classtype:trojan-activity;sid:83933508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070409)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"92803df9-8cd5-43dd-811b-f2840cdabc14.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070409/; classtype:trojan-activity;sid:83933509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070410)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cmp5itpp9h30577inogg.tsrv1.ws"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070410/; classtype:trojan-activity;sid:83933510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070411)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"3746c740-22d8-4bc2-9f60-c6c8db13ee88.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070411/; classtype:trojan-activity;sid:83933511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070412)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dfmtjmptskr.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070412/; classtype:trojan-activity;sid:83933512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070413)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"help.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070413/; classtype:trojan-activity;sid:83933513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070414)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"1855e8b9-5b39-418e-b53e-3259c2f0c3fc.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070414/; classtype:trojan-activity;sid:83933514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070401)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"smtp.tsrv1.ws"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070401/; classtype:trojan-activity;sid:83933501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070402)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"225c2cd6-cbd3-4ac2-8464-cc7686273c9c.random.tsrv1.ws"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070402/; classtype:trojan-activity;sid:83933502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070403)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"stltpweavzg.tsrv1.ws"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070403/; classtype:trojan-activity;sid:83933503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070404)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"admin.tsrv1.ws"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070404/; classtype:trojan-activity;sid:83933504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.179.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070400/; classtype:trojan-activity;sid:83933500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070398/; classtype:trojan-activity;sid:83933498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.214.229.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070399/; classtype:trojan-activity;sid:83933499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070397/; classtype:trojan-activity;sid:83933497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.136.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070396/; classtype:trojan-activity;sid:83933496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070392)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070392/; classtype:trojan-activity;sid:83933492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070393)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070393/; classtype:trojan-activity;sid:83933493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070394)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070394/; classtype:trojan-activity;sid:83933494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070395)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070395/; classtype:trojan-activity;sid:83933495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070376)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070376/; classtype:trojan-activity;sid:83933476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070377)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070377/; classtype:trojan-activity;sid:83933477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070378)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070378/; classtype:trojan-activity;sid:83933478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070379)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070379/; classtype:trojan-activity;sid:83933479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070380)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070380/; classtype:trojan-activity;sid:83933480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070381)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070381/; classtype:trojan-activity;sid:83933481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070382)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070382/; classtype:trojan-activity;sid:83933482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070383)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070383/; classtype:trojan-activity;sid:83933483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070384)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070384/; classtype:trojan-activity;sid:83933484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070385)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070385/; classtype:trojan-activity;sid:83933485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070386)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070386/; classtype:trojan-activity;sid:83933486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070387)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070387/; classtype:trojan-activity;sid:83933487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070388)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070388/; classtype:trojan-activity;sid:83933488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070389)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070389/; classtype:trojan-activity;sid:83933489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070390)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070390/; classtype:trojan-activity;sid:83933490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070391)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070391/; classtype:trojan-activity;sid:83933491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070368)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070368/; classtype:trojan-activity;sid:83933468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070369)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070369/; classtype:trojan-activity;sid:83933469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070370)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070370/; classtype:trojan-activity;sid:83933470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070371)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070371/; classtype:trojan-activity;sid:83933471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070372)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070372/; classtype:trojan-activity;sid:83933472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070373)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070373/; classtype:trojan-activity;sid:83933473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070374)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070374/; classtype:trojan-activity;sid:83933474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070375)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070375/; classtype:trojan-activity;sid:83933475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070363)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070363/; classtype:trojan-activity;sid:83933463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070364)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070364/; classtype:trojan-activity;sid:83933464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070365)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070365/; classtype:trojan-activity;sid:83933465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070366)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070366/; classtype:trojan-activity;sid:83933466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070367)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070367/; classtype:trojan-activity;sid:83933467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070358)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070358/; classtype:trojan-activity;sid:83933458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070359)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070359/; classtype:trojan-activity;sid:83933459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070360)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070360/; classtype:trojan-activity;sid:83933460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070361)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070361/; classtype:trojan-activity;sid:83933461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070362)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070362/; classtype:trojan-activity;sid:83933462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070353)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070353/; classtype:trojan-activity;sid:83933453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070354)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070354/; classtype:trojan-activity;sid:83933454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070355)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070355/; classtype:trojan-activity;sid:83933455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070356)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070356/; classtype:trojan-activity;sid:83933456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070357)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070357/; classtype:trojan-activity;sid:83933457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070347)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070347/; classtype:trojan-activity;sid:83933447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070348)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070348/; classtype:trojan-activity;sid:83933448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070349)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070349/; classtype:trojan-activity;sid:83933449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070350)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070350/; classtype:trojan-activity;sid:83933450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070351)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070351/; classtype:trojan-activity;sid:83933451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070352)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070352/; classtype:trojan-activity;sid:83933452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070342)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070342/; classtype:trojan-activity;sid:83933442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070343)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070343/; classtype:trojan-activity;sid:83933443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070344)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070344/; classtype:trojan-activity;sid:83933444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070345)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070345/; classtype:trojan-activity;sid:83933445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070346)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070346/; classtype:trojan-activity;sid:83933446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070338)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070338/; classtype:trojan-activity;sid:83933438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070339)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070339/; classtype:trojan-activity;sid:83933439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070340)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070340/; classtype:trojan-activity;sid:83933440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070341)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070341/; classtype:trojan-activity;sid:83933441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070333)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070333/; classtype:trojan-activity;sid:83933433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070334)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070334/; classtype:trojan-activity;sid:83933434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070335)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070335/; classtype:trojan-activity;sid:83933435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070336)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070336/; classtype:trojan-activity;sid:83933436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070337)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070337/; classtype:trojan-activity;sid:83933437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070323)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070323/; classtype:trojan-activity;sid:83933423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070324)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070324/; classtype:trojan-activity;sid:83933424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070325)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070325/; classtype:trojan-activity;sid:83933425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070326)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070326/; classtype:trojan-activity;sid:83933426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070327)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070327/; classtype:trojan-activity;sid:83933427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070328)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070328/; classtype:trojan-activity;sid:83933428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070329)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070329/; classtype:trojan-activity;sid:83933429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070330)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070330/; classtype:trojan-activity;sid:83933430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070331)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070331/; classtype:trojan-activity;sid:83933431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070332)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070332/; classtype:trojan-activity;sid:83933432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070317)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070317/; classtype:trojan-activity;sid:83933417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070318)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070318/; classtype:trojan-activity;sid:83933418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070319)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070319/; classtype:trojan-activity;sid:83933419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070320)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070320/; classtype:trojan-activity;sid:83933420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070321)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070321/; classtype:trojan-activity;sid:83933421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070322)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070322/; classtype:trojan-activity;sid:83933422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070310)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070310/; classtype:trojan-activity;sid:83933410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070311)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070311/; classtype:trojan-activity;sid:83933411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070312)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070312/; classtype:trojan-activity;sid:83933412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070313)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070313/; classtype:trojan-activity;sid:83933413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070314)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070314/; classtype:trojan-activity;sid:83933414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070315)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070315/; classtype:trojan-activity;sid:83933415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070316)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070316/; classtype:trojan-activity;sid:83933416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070307)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070307/; classtype:trojan-activity;sid:83933407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070308)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070308/; classtype:trojan-activity;sid:83933408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070309)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070309/; classtype:trojan-activity;sid:83933409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070303)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070303/; classtype:trojan-activity;sid:83933403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070304)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070304/; classtype:trojan-activity;sid:83933404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070305)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070305/; classtype:trojan-activity;sid:83933405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070306)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070306/; classtype:trojan-activity;sid:83933406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070299)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070299/; classtype:trojan-activity;sid:83933399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070300)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070300/; classtype:trojan-activity;sid:83933400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070301)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070301/; classtype:trojan-activity;sid:83933401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070302)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070302/; classtype:trojan-activity;sid:83933402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070296)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070296/; classtype:trojan-activity;sid:83933396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070297)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070297/; classtype:trojan-activity;sid:83933397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070298)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070298/; classtype:trojan-activity;sid:83933398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070292)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070292/; classtype:trojan-activity;sid:83933392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070293)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070293/; classtype:trojan-activity;sid:83933393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070294)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070294/; classtype:trojan-activity;sid:83933394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070295)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070295/; classtype:trojan-activity;sid:83933395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070288)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070288/; classtype:trojan-activity;sid:83933388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070289)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070289/; classtype:trojan-activity;sid:83933389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070290)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070290/; classtype:trojan-activity;sid:83933390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070291)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070291/; classtype:trojan-activity;sid:83933391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070281)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070281/; classtype:trojan-activity;sid:83933381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070282)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070282/; classtype:trojan-activity;sid:83933382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070283)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070283/; classtype:trojan-activity;sid:83933383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070284)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070284/; classtype:trojan-activity;sid:83933384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070285)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070285/; classtype:trojan-activity;sid:83933385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070286)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070286/; classtype:trojan-activity;sid:83933386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070287)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070287/; classtype:trojan-activity;sid:83933387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070273)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070273/; classtype:trojan-activity;sid:83933373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070274)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070274/; classtype:trojan-activity;sid:83933374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070275)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070275/; classtype:trojan-activity;sid:83933375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070276)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070276/; classtype:trojan-activity;sid:83933376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070277)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070277/; classtype:trojan-activity;sid:83933377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070278)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070278/; classtype:trojan-activity;sid:83933378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070279)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070279/; classtype:trojan-activity;sid:83933379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070280)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070280/; classtype:trojan-activity;sid:83933380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070270)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070270/; classtype:trojan-activity;sid:83933370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070271)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070271/; classtype:trojan-activity;sid:83933371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070272)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070272/; classtype:trojan-activity;sid:83933372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070262)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070262/; classtype:trojan-activity;sid:83933362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070263)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070263/; classtype:trojan-activity;sid:83933363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070264)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070264/; classtype:trojan-activity;sid:83933364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070265)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070265/; classtype:trojan-activity;sid:83933365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070266)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070266/; classtype:trojan-activity;sid:83933366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070267)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070267/; classtype:trojan-activity;sid:83933367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070268)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070268/; classtype:trojan-activity;sid:83933368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070269)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070269/; classtype:trojan-activity;sid:83933369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070253)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070253/; classtype:trojan-activity;sid:83933353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070254)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070254/; classtype:trojan-activity;sid:83933354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070255)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070255/; classtype:trojan-activity;sid:83933355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070256)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070256/; classtype:trojan-activity;sid:83933356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070257)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070257/; classtype:trojan-activity;sid:83933357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070258)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070258/; classtype:trojan-activity;sid:83933358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070259)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070259/; classtype:trojan-activity;sid:83933359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070260)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070260/; classtype:trojan-activity;sid:83933360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070261)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070261/; classtype:trojan-activity;sid:83933361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070246)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070246/; classtype:trojan-activity;sid:83933346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070247)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070247/; classtype:trojan-activity;sid:83933347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070248)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070248/; classtype:trojan-activity;sid:83933348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070249)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070249/; classtype:trojan-activity;sid:83933349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070250)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070250/; classtype:trojan-activity;sid:83933350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070251)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070251/; classtype:trojan-activity;sid:83933351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070252)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070252/; classtype:trojan-activity;sid:83933352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070240)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070240/; classtype:trojan-activity;sid:83933340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070241)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070241/; classtype:trojan-activity;sid:83933341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070242)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070242/; classtype:trojan-activity;sid:83933342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070243)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070243/; classtype:trojan-activity;sid:83933343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070244)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070244/; classtype:trojan-activity;sid:83933344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070245)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070245/; classtype:trojan-activity;sid:83933345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070230)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070230/; classtype:trojan-activity;sid:83933330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070231)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070231/; classtype:trojan-activity;sid:83933331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070232)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070232/; classtype:trojan-activity;sid:83933332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070233)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070233/; classtype:trojan-activity;sid:83933333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070234)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070234/; classtype:trojan-activity;sid:83933334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070235)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070235/; classtype:trojan-activity;sid:83933335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070236)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070236/; classtype:trojan-activity;sid:83933336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070237)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070237/; classtype:trojan-activity;sid:83933337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070238)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070238/; classtype:trojan-activity;sid:83933338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070239)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070239/; classtype:trojan-activity;sid:83933339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070223)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070223/; classtype:trojan-activity;sid:83933323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070224)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070224/; classtype:trojan-activity;sid:83933324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070225)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070225/; classtype:trojan-activity;sid:83933325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070226)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070226/; classtype:trojan-activity;sid:83933326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070227)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070227/; classtype:trojan-activity;sid:83933327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070228)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070228/; classtype:trojan-activity;sid:83933328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070229)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070229/; classtype:trojan-activity;sid:83933329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070217)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070217/; classtype:trojan-activity;sid:83933317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070218)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070218/; classtype:trojan-activity;sid:83933318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070219)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070219/; classtype:trojan-activity;sid:83933319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070220)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070220/; classtype:trojan-activity;sid:83933320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070221)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070221/; classtype:trojan-activity;sid:83933321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070222)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070222/; classtype:trojan-activity;sid:83933322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070214)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070214/; classtype:trojan-activity;sid:83933314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070215)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070215/; classtype:trojan-activity;sid:83933315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070216)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070216/; classtype:trojan-activity;sid:83933316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070203)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070203/; classtype:trojan-activity;sid:83933303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070204)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070204/; classtype:trojan-activity;sid:83933304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070205)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070205/; classtype:trojan-activity;sid:83933305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070206)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070206/; classtype:trojan-activity;sid:83933306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070207)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070207/; classtype:trojan-activity;sid:83933307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070208)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070208/; classtype:trojan-activity;sid:83933308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070209)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070209/; classtype:trojan-activity;sid:83933309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070210)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070210/; classtype:trojan-activity;sid:83933310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070211)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070211/; classtype:trojan-activity;sid:83933311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070212)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070212/; classtype:trojan-activity;sid:83933312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070213)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070213/; classtype:trojan-activity;sid:83933313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070200)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070200/; classtype:trojan-activity;sid:83933300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070201)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070201/; classtype:trojan-activity;sid:83933301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070202)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070202/; classtype:trojan-activity;sid:83933302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070193)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070193/; classtype:trojan-activity;sid:83933293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070194)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070194/; classtype:trojan-activity;sid:83933294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070195)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070195/; classtype:trojan-activity;sid:83933295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070196)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070196/; classtype:trojan-activity;sid:83933296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070197)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070197/; classtype:trojan-activity;sid:83933297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070198)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070198/; classtype:trojan-activity;sid:83933298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070199)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070199/; classtype:trojan-activity;sid:83933299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070182)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070182/; classtype:trojan-activity;sid:83933282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070183)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070183/; classtype:trojan-activity;sid:83933283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070184)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070184/; classtype:trojan-activity;sid:83933284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070185)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070185/; classtype:trojan-activity;sid:83933285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070186)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070186/; classtype:trojan-activity;sid:83933286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070187)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070187/; classtype:trojan-activity;sid:83933287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070188)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070188/; classtype:trojan-activity;sid:83933288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070189)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070189/; classtype:trojan-activity;sid:83933289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070190)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070190/; classtype:trojan-activity;sid:83933290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070191)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070191/; classtype:trojan-activity;sid:83933291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070192)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070192/; classtype:trojan-activity;sid:83933292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070176)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070176/; classtype:trojan-activity;sid:83933276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070177)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070177/; classtype:trojan-activity;sid:83933277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070178)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070178/; classtype:trojan-activity;sid:83933278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070179)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070179/; classtype:trojan-activity;sid:83933279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070180)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070180/; classtype:trojan-activity;sid:83933280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070181)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070181/; classtype:trojan-activity;sid:83933281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070168)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070168/; classtype:trojan-activity;sid:83933268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070169)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070169/; classtype:trojan-activity;sid:83933269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070170)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070170/; classtype:trojan-activity;sid:83933270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070171)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070171/; classtype:trojan-activity;sid:83933271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070172)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070172/; classtype:trojan-activity;sid:83933272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070173)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070173/; classtype:trojan-activity;sid:83933273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070174)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070174/; classtype:trojan-activity;sid:83933274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070175)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070175/; classtype:trojan-activity;sid:83933275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070162)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070162/; classtype:trojan-activity;sid:83933262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070163)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070163/; classtype:trojan-activity;sid:83933263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070164)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070164/; classtype:trojan-activity;sid:83933264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070165)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070165/; classtype:trojan-activity;sid:83933265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070166)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070166/; classtype:trojan-activity;sid:83933266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070167)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070167/; classtype:trojan-activity;sid:83933267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070157)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070157/; classtype:trojan-activity;sid:83933257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070158)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070158/; classtype:trojan-activity;sid:83933258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070159)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070159/; classtype:trojan-activity;sid:83933259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070160)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070160/; classtype:trojan-activity;sid:83933260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070161)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070161/; classtype:trojan-activity;sid:83933261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070152)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070152/; classtype:trojan-activity;sid:83933252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070153)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070153/; classtype:trojan-activity;sid:83933253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070154)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070154/; classtype:trojan-activity;sid:83933254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070155)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070155/; classtype:trojan-activity;sid:83933255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070156)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070156/; classtype:trojan-activity;sid:83933256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070143)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070143/; classtype:trojan-activity;sid:83933243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070144)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070144/; classtype:trojan-activity;sid:83933244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070145)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070145/; classtype:trojan-activity;sid:83933245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070146)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070146/; classtype:trojan-activity;sid:83933246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070147)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070147/; classtype:trojan-activity;sid:83933247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070148)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070148/; classtype:trojan-activity;sid:83933248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070149)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070149/; classtype:trojan-activity;sid:83933249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070150)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070150/; classtype:trojan-activity;sid:83933250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070151)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070151/; classtype:trojan-activity;sid:83933251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070134)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070134/; classtype:trojan-activity;sid:83933234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070135)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070135/; classtype:trojan-activity;sid:83933235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070136)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070136/; classtype:trojan-activity;sid:83933236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070137)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070137/; classtype:trojan-activity;sid:83933237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070138)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070138/; classtype:trojan-activity;sid:83933238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070139)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070139/; classtype:trojan-activity;sid:83933239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070140)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070140/; classtype:trojan-activity;sid:83933240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070141)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070141/; classtype:trojan-activity;sid:83933241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070142)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070142/; classtype:trojan-activity;sid:83933242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070125)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070125/; classtype:trojan-activity;sid:83933225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070126)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070126/; classtype:trojan-activity;sid:83933226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070127)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070127/; classtype:trojan-activity;sid:83933227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070128)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070128/; classtype:trojan-activity;sid:83933228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070129)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070129/; classtype:trojan-activity;sid:83933229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070130)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070130/; classtype:trojan-activity;sid:83933230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070131)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070131/; classtype:trojan-activity;sid:83933231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070132)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070132/; classtype:trojan-activity;sid:83933232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070133)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070133/; classtype:trojan-activity;sid:83933233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070119)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070119/; classtype:trojan-activity;sid:83933219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070120)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070120/; classtype:trojan-activity;sid:83933220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070121)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070121/; classtype:trojan-activity;sid:83933221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070122)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070122/; classtype:trojan-activity;sid:83933222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070123)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070123/; classtype:trojan-activity;sid:83933223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070124)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070124/; classtype:trojan-activity;sid:83933224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070116)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070116/; classtype:trojan-activity;sid:83933216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070117)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070117/; classtype:trojan-activity;sid:83933217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070118)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070118/; classtype:trojan-activity;sid:83933218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070111)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070111/; classtype:trojan-activity;sid:83933211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070112)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070112/; classtype:trojan-activity;sid:83933212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070113)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070113/; classtype:trojan-activity;sid:83933213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070114)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070114/; classtype:trojan-activity;sid:83933214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070115)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070115/; classtype:trojan-activity;sid:83933215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070103)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070103/; classtype:trojan-activity;sid:83933203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070104)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070104/; classtype:trojan-activity;sid:83933204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070105)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070105/; classtype:trojan-activity;sid:83933205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070106)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070106/; classtype:trojan-activity;sid:83933206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070107)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070107/; classtype:trojan-activity;sid:83933207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070108)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070108/; classtype:trojan-activity;sid:83933208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070109)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070109/; classtype:trojan-activity;sid:83933209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070110)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070110/; classtype:trojan-activity;sid:83933210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070093)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070093/; classtype:trojan-activity;sid:83933193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070094)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070094/; classtype:trojan-activity;sid:83933194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070095)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070095/; classtype:trojan-activity;sid:83933195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070096)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070096/; classtype:trojan-activity;sid:83933196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070097)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070097/; classtype:trojan-activity;sid:83933197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070098)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070098/; classtype:trojan-activity;sid:83933198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070099)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070099/; classtype:trojan-activity;sid:83933199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070100)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070100/; classtype:trojan-activity;sid:83933200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070101)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070101/; classtype:trojan-activity;sid:83933201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070102)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070102/; classtype:trojan-activity;sid:83933202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070083)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070083/; classtype:trojan-activity;sid:83933183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070084)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070084/; classtype:trojan-activity;sid:83933184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070085)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070085/; classtype:trojan-activity;sid:83933185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070086)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070086/; classtype:trojan-activity;sid:83933186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070087)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070087/; classtype:trojan-activity;sid:83933187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070088)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070088/; classtype:trojan-activity;sid:83933188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070089)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070089/; classtype:trojan-activity;sid:83933189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070090)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070090/; classtype:trojan-activity;sid:83933190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070091)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070091/; classtype:trojan-activity;sid:83933191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070092)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070092/; classtype:trojan-activity;sid:83933192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070078)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070078/; classtype:trojan-activity;sid:83933178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070079)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070079/; classtype:trojan-activity;sid:83933179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070080)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070080/; classtype:trojan-activity;sid:83933180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070081)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070081/; classtype:trojan-activity;sid:83933181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070082)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070082/; classtype:trojan-activity;sid:83933182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070076)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070076/; classtype:trojan-activity;sid:83933176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070077)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070077/; classtype:trojan-activity;sid:83933177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070066)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070066/; classtype:trojan-activity;sid:83933166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070067)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070067/; classtype:trojan-activity;sid:83933167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070068)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070068/; classtype:trojan-activity;sid:83933168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070069)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070069/; classtype:trojan-activity;sid:83933169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070070)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070070/; classtype:trojan-activity;sid:83933170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070071)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070071/; classtype:trojan-activity;sid:83933171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070072)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070072/; classtype:trojan-activity;sid:83933172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070073)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070073/; classtype:trojan-activity;sid:83933173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070074)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070074/; classtype:trojan-activity;sid:83933174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070075)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070075/; classtype:trojan-activity;sid:83933175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070063)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070063/; classtype:trojan-activity;sid:83933163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070064)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070064/; classtype:trojan-activity;sid:83933164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070065)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070065/; classtype:trojan-activity;sid:83933165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070051)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070051/; classtype:trojan-activity;sid:83933151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070052)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070052/; classtype:trojan-activity;sid:83933152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070053)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070053/; classtype:trojan-activity;sid:83933153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070054)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070054/; classtype:trojan-activity;sid:83933154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070055)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070055/; classtype:trojan-activity;sid:83933155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070056)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070056/; classtype:trojan-activity;sid:83933156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070057)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070057/; classtype:trojan-activity;sid:83933157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070058)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070058/; classtype:trojan-activity;sid:83933158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070059)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070059/; classtype:trojan-activity;sid:83933159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070060)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070060/; classtype:trojan-activity;sid:83933160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070061)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070061/; classtype:trojan-activity;sid:83933161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070062)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070062/; classtype:trojan-activity;sid:83933162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070040)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070040/; classtype:trojan-activity;sid:83933140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070041)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070041/; classtype:trojan-activity;sid:83933141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070042)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070042/; classtype:trojan-activity;sid:83933142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070043)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070043/; classtype:trojan-activity;sid:83933143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070044)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070044/; classtype:trojan-activity;sid:83933144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070045)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070045/; classtype:trojan-activity;sid:83933145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070046)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070046/; classtype:trojan-activity;sid:83933146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070047)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070047/; classtype:trojan-activity;sid:83933147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070048)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070048/; classtype:trojan-activity;sid:83933148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070049)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070049/; classtype:trojan-activity;sid:83933149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070050)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070050/; classtype:trojan-activity;sid:83933150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070036)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070036/; classtype:trojan-activity;sid:83933136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070037)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070037/; classtype:trojan-activity;sid:83933137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070038)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070038/; classtype:trojan-activity;sid:83933138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070039)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070039/; classtype:trojan-activity;sid:83933139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070027)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070027/; classtype:trojan-activity;sid:83933127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070028)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070028/; classtype:trojan-activity;sid:83933128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070029)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070029/; classtype:trojan-activity;sid:83933129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070030)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070030/; classtype:trojan-activity;sid:83933130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070031)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070031/; classtype:trojan-activity;sid:83933131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070032)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070032/; classtype:trojan-activity;sid:83933132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070033)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070033/; classtype:trojan-activity;sid:83933133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070034)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070034/; classtype:trojan-activity;sid:83933134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070035)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070035/; classtype:trojan-activity;sid:83933135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070021)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070021/; classtype:trojan-activity;sid:83933121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070022)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070022/; classtype:trojan-activity;sid:83933122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070023)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070023/; classtype:trojan-activity;sid:83933123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070024)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070024/; classtype:trojan-activity;sid:83933124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070025)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070025/; classtype:trojan-activity;sid:83933125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070026)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070026/; classtype:trojan-activity;sid:83933126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070013)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070013/; classtype:trojan-activity;sid:83933113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070014)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070014/; classtype:trojan-activity;sid:83933114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070015)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070015/; classtype:trojan-activity;sid:83933115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070016)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070016/; classtype:trojan-activity;sid:83933116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070017)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070017/; classtype:trojan-activity;sid:83933117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070018)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070018/; classtype:trojan-activity;sid:83933118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070019)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070019/; classtype:trojan-activity;sid:83933119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070020)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070020/; classtype:trojan-activity;sid:83933120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070007)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070007/; classtype:trojan-activity;sid:83933107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070008)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070008/; classtype:trojan-activity;sid:83933108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070009)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070009/; classtype:trojan-activity;sid:83933109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070010)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070010/; classtype:trojan-activity;sid:83933110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070011)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070011/; classtype:trojan-activity;sid:83933111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070012)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070012/; classtype:trojan-activity;sid:83933112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069995)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069995/; classtype:trojan-activity;sid:83933095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069996)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069996/; classtype:trojan-activity;sid:83933096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069997)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069997/; classtype:trojan-activity;sid:83933097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069998)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069998/; classtype:trojan-activity;sid:83933098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069999)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069999/; classtype:trojan-activity;sid:83933099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070000)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070000/; classtype:trojan-activity;sid:83933100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070001)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070001/; classtype:trojan-activity;sid:83933101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070002)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070002/; classtype:trojan-activity;sid:83933102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070003)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070003/; classtype:trojan-activity;sid:83933103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070004)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070004/; classtype:trojan-activity;sid:83933104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070005)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070005/; classtype:trojan-activity;sid:83933105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3070006)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3070006/; classtype:trojan-activity;sid:83933106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069994)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069994/; classtype:trojan-activity;sid:83933094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069985)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069985/; classtype:trojan-activity;sid:83933085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069986)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069986/; classtype:trojan-activity;sid:83933086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069987)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069987/; classtype:trojan-activity;sid:83933087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069988)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069988/; classtype:trojan-activity;sid:83933088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069989)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069989/; classtype:trojan-activity;sid:83933089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069990)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069990/; classtype:trojan-activity;sid:83933090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069991)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069991/; classtype:trojan-activity;sid:83933091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069992)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069992/; classtype:trojan-activity;sid:83933092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069993)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069993/; classtype:trojan-activity;sid:83933093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069971)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069971/; classtype:trojan-activity;sid:83933071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069972)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069972/; classtype:trojan-activity;sid:83933072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069973)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069973/; classtype:trojan-activity;sid:83933073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069974)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069974/; classtype:trojan-activity;sid:83933074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069975)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069975/; classtype:trojan-activity;sid:83933075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069976)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069976/; classtype:trojan-activity;sid:83933076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069977)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069977/; classtype:trojan-activity;sid:83933077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069978)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069978/; classtype:trojan-activity;sid:83933078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069979)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069979/; classtype:trojan-activity;sid:83933079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069980)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069980/; classtype:trojan-activity;sid:83933080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069981)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069981/; classtype:trojan-activity;sid:83933081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069982)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069982/; classtype:trojan-activity;sid:83933082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069983)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069983/; classtype:trojan-activity;sid:83933083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069984)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069984/; classtype:trojan-activity;sid:83933084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069969)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069969/; classtype:trojan-activity;sid:83933069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069970)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069970/; classtype:trojan-activity;sid:83933070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069962)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069962/; classtype:trojan-activity;sid:83933062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069963)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069963/; classtype:trojan-activity;sid:83933063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069964)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069964/; classtype:trojan-activity;sid:83933064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069965)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069965/; classtype:trojan-activity;sid:83933065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069966)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069966/; classtype:trojan-activity;sid:83933066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069967)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069967/; classtype:trojan-activity;sid:83933067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069968)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069968/; classtype:trojan-activity;sid:83933068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069953)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069953/; classtype:trojan-activity;sid:83933053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069954)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069954/; classtype:trojan-activity;sid:83933054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069955)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069955/; classtype:trojan-activity;sid:83933055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069956)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069956/; classtype:trojan-activity;sid:83933056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069957)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069957/; classtype:trojan-activity;sid:83933057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069958)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069958/; classtype:trojan-activity;sid:83933058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069959)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069959/; classtype:trojan-activity;sid:83933059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069960)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069960/; classtype:trojan-activity;sid:83933060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069961)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069961/; classtype:trojan-activity;sid:83933061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069948)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069948/; classtype:trojan-activity;sid:83933048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069949)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069949/; classtype:trojan-activity;sid:83933049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069950)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069950/; classtype:trojan-activity;sid:83933050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069951)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069951/; classtype:trojan-activity;sid:83933051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069952)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069952/; classtype:trojan-activity;sid:83933052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069938)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069938/; classtype:trojan-activity;sid:83933038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069939)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069939/; classtype:trojan-activity;sid:83933039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069940)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069940/; classtype:trojan-activity;sid:83933040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069941)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069941/; classtype:trojan-activity;sid:83933041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069942)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069942/; classtype:trojan-activity;sid:83933042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069943)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069943/; classtype:trojan-activity;sid:83933043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069944)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069944/; classtype:trojan-activity;sid:83933044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069945)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069945/; classtype:trojan-activity;sid:83933045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069946)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069946/; classtype:trojan-activity;sid:83933046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069947)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069947/; classtype:trojan-activity;sid:83933047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069937)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069937/; classtype:trojan-activity;sid:83933037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069925)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069925/; classtype:trojan-activity;sid:83933025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069926)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069926/; classtype:trojan-activity;sid:83933026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069927)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069927/; classtype:trojan-activity;sid:83933027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069928)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069928/; classtype:trojan-activity;sid:83933028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069929)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069929/; classtype:trojan-activity;sid:83933029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069930)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069930/; classtype:trojan-activity;sid:83933030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069931)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069931/; classtype:trojan-activity;sid:83933031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069932)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069932/; classtype:trojan-activity;sid:83933032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069933)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069933/; classtype:trojan-activity;sid:83933033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069934)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069934/; classtype:trojan-activity;sid:83933034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069935)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069935/; classtype:trojan-activity;sid:83933035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069936)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069936/; classtype:trojan-activity;sid:83933036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069912)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069912/; classtype:trojan-activity;sid:83933012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069913)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069913/; classtype:trojan-activity;sid:83933013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069914)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069914/; classtype:trojan-activity;sid:83933014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069915)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069915/; classtype:trojan-activity;sid:83933015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069916)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069916/; classtype:trojan-activity;sid:83933016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069917)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069917/; classtype:trojan-activity;sid:83933017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069918)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069918/; classtype:trojan-activity;sid:83933018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069919)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069919/; classtype:trojan-activity;sid:83933019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069920)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069920/; classtype:trojan-activity;sid:83933020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069921)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069921/; classtype:trojan-activity;sid:83933021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069922)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069922/; classtype:trojan-activity;sid:83933022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069923)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069923/; classtype:trojan-activity;sid:83933023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069924)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069924/; classtype:trojan-activity;sid:83933024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069911)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069911/; classtype:trojan-activity;sid:83933011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069900)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069900/; classtype:trojan-activity;sid:83933000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069901)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069901/; classtype:trojan-activity;sid:83933001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069902)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069902/; classtype:trojan-activity;sid:83933002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069903)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069903/; classtype:trojan-activity;sid:83933003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069904)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069904/; classtype:trojan-activity;sid:83933004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069905)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069905/; classtype:trojan-activity;sid:83933005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069906)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069906/; classtype:trojan-activity;sid:83933006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069907)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069907/; classtype:trojan-activity;sid:83933007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069908)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069908/; classtype:trojan-activity;sid:83933008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069909)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069909/; classtype:trojan-activity;sid:83933009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069910)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069910/; classtype:trojan-activity;sid:83933010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069891)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069891/; classtype:trojan-activity;sid:83932991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069892)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069892/; classtype:trojan-activity;sid:83932992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069893)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069893/; classtype:trojan-activity;sid:83932993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069894)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069894/; classtype:trojan-activity;sid:83932994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069895)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069895/; classtype:trojan-activity;sid:83932995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069896)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069896/; classtype:trojan-activity;sid:83932996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069897)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069897/; classtype:trojan-activity;sid:83932997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069898)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069898/; classtype:trojan-activity;sid:83932998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069899)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069899/; classtype:trojan-activity;sid:83932999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069882)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069882/; classtype:trojan-activity;sid:83932982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069883)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069883/; classtype:trojan-activity;sid:83932983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069884)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069884/; classtype:trojan-activity;sid:83932984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069885)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069885/; classtype:trojan-activity;sid:83932985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069886)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069886/; classtype:trojan-activity;sid:83932986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069887)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069887/; classtype:trojan-activity;sid:83932987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069888)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069888/; classtype:trojan-activity;sid:83932988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069889)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069889/; classtype:trojan-activity;sid:83932989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069890)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069890/; classtype:trojan-activity;sid:83932990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069872)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069872/; classtype:trojan-activity;sid:83932972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069873)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069873/; classtype:trojan-activity;sid:83932973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069874)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069874/; classtype:trojan-activity;sid:83932974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069875)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069875/; classtype:trojan-activity;sid:83932975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069876)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069876/; classtype:trojan-activity;sid:83932976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069877)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069877/; classtype:trojan-activity;sid:83932977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069878)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069878/; classtype:trojan-activity;sid:83932978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069879)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069879/; classtype:trojan-activity;sid:83932979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069880)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069880/; classtype:trojan-activity;sid:83932980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069881)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069881/; classtype:trojan-activity;sid:83932981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069869)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069869/; classtype:trojan-activity;sid:83932969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069870)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069870/; classtype:trojan-activity;sid:83932970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069871)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069871/; classtype:trojan-activity;sid:83932971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.53.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069868/; classtype:trojan-activity;sid:83932968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.105.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069867/; classtype:trojan-activity;sid:83932967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.29.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069863/; classtype:trojan-activity;sid:83932963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069864)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069864/; classtype:trojan-activity;sid:83932964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.201.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069865/; classtype:trojan-activity;sid:83932965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069866)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069866/; classtype:trojan-activity;sid:83932966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069853)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069853/; classtype:trojan-activity;sid:83932953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069854)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069854/; classtype:trojan-activity;sid:83932954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069855)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069855/; classtype:trojan-activity;sid:83932955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069856)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069856/; classtype:trojan-activity;sid:83932956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069857)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069857/; classtype:trojan-activity;sid:83932957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069858)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069858/; classtype:trojan-activity;sid:83932958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069859)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069859/; classtype:trojan-activity;sid:83932959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069860)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069860/; classtype:trojan-activity;sid:83932960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069861)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069861/; classtype:trojan-activity;sid:83932961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069862)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069862/; classtype:trojan-activity;sid:83932962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069844)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069844/; classtype:trojan-activity;sid:83932944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069845)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069845/; classtype:trojan-activity;sid:83932945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069846)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069846/; classtype:trojan-activity;sid:83932946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069847)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069847/; classtype:trojan-activity;sid:83932947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069848)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069848/; classtype:trojan-activity;sid:83932948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069849)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069849/; classtype:trojan-activity;sid:83932949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069850)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069850/; classtype:trojan-activity;sid:83932950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069851)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069851/; classtype:trojan-activity;sid:83932951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069852)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069852/; classtype:trojan-activity;sid:83932952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069841)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069841/; classtype:trojan-activity;sid:83932941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069842)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069842/; classtype:trojan-activity;sid:83932942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069843)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069843/; classtype:trojan-activity;sid:83932943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069839)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069839/; classtype:trojan-activity;sid:83932939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069840)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069840/; classtype:trojan-activity;sid:83932940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069836)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069836/; classtype:trojan-activity;sid:83932936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069837)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069837/; classtype:trojan-activity;sid:83932937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069838)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069838/; classtype:trojan-activity;sid:83932938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069831)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069831/; classtype:trojan-activity;sid:83932931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069832)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069832/; classtype:trojan-activity;sid:83932932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069833)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069833/; classtype:trojan-activity;sid:83932933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069834)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069834/; classtype:trojan-activity;sid:83932934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069835)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069835/; classtype:trojan-activity;sid:83932935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069823)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069823/; classtype:trojan-activity;sid:83932923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069824)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069824/; classtype:trojan-activity;sid:83932924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069825)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069825/; classtype:trojan-activity;sid:83932925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069826)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069826/; classtype:trojan-activity;sid:83932926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069827)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069827/; classtype:trojan-activity;sid:83932927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069828)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069828/; classtype:trojan-activity;sid:83932928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069829)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069829/; classtype:trojan-activity;sid:83932929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069830)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069830/; classtype:trojan-activity;sid:83932930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069818)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069818/; classtype:trojan-activity;sid:83932918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069819)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069819/; classtype:trojan-activity;sid:83932919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069820)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069820/; classtype:trojan-activity;sid:83932920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069821)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069821/; classtype:trojan-activity;sid:83932921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069822)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069822/; classtype:trojan-activity;sid:83932922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069811)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069811/; classtype:trojan-activity;sid:83932911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069812)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069812/; classtype:trojan-activity;sid:83932912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069813)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069813/; classtype:trojan-activity;sid:83932913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069814)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069814/; classtype:trojan-activity;sid:83932914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069815)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069815/; classtype:trojan-activity;sid:83932915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069816)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069816/; classtype:trojan-activity;sid:83932916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069817)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069817/; classtype:trojan-activity;sid:83932917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069804)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069804/; classtype:trojan-activity;sid:83932904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069805)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069805/; classtype:trojan-activity;sid:83932905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069806)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069806/; classtype:trojan-activity;sid:83932906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069807)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069807/; classtype:trojan-activity;sid:83932907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069808)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069808/; classtype:trojan-activity;sid:83932908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069809)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069809/; classtype:trojan-activity;sid:83932909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069810)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069810/; classtype:trojan-activity;sid:83932910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069801)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069801/; classtype:trojan-activity;sid:83932901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069802)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069802/; classtype:trojan-activity;sid:83932902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069803)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069803/; classtype:trojan-activity;sid:83932903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069799)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069799/; classtype:trojan-activity;sid:83932899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069800)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069800/; classtype:trojan-activity;sid:83932900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069798)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069798/; classtype:trojan-activity;sid:83932898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069797)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069797/; classtype:trojan-activity;sid:83932897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069791)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069791/; classtype:trojan-activity;sid:83932891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069792)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069792/; classtype:trojan-activity;sid:83932892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069793)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069793/; classtype:trojan-activity;sid:83932893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069794)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069794/; classtype:trojan-activity;sid:83932894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069795)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069795/; classtype:trojan-activity;sid:83932895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069796)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069796/; classtype:trojan-activity;sid:83932896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069788)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069788/; classtype:trojan-activity;sid:83932888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069789)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069789/; classtype:trojan-activity;sid:83932889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069790)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069790/; classtype:trojan-activity;sid:83932890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069783)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069783/; classtype:trojan-activity;sid:83932883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069784)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069784/; classtype:trojan-activity;sid:83932884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069785)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069785/; classtype:trojan-activity;sid:83932885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069786)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069786/; classtype:trojan-activity;sid:83932886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069787)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069787/; classtype:trojan-activity;sid:83932887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069779)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069779/; classtype:trojan-activity;sid:83932879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069780)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069780/; classtype:trojan-activity;sid:83932880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069781)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069781/; classtype:trojan-activity;sid:83932881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069782)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069782/; classtype:trojan-activity;sid:83932882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069772)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069772/; classtype:trojan-activity;sid:83932872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069773)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069773/; classtype:trojan-activity;sid:83932873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069774)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069774/; classtype:trojan-activity;sid:83932874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069775)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069775/; classtype:trojan-activity;sid:83932875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069776)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069776/; classtype:trojan-activity;sid:83932876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069777)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069777/; classtype:trojan-activity;sid:83932877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069778)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069778/; classtype:trojan-activity;sid:83932878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069769)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069769/; classtype:trojan-activity;sid:83932869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069770)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069770/; classtype:trojan-activity;sid:83932870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069771)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069771/; classtype:trojan-activity;sid:83932871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069766)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069766/; classtype:trojan-activity;sid:83932866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069767)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069767/; classtype:trojan-activity;sid:83932867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069768)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069768/; classtype:trojan-activity;sid:83932868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069763)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069763/; classtype:trojan-activity;sid:83932863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069764)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069764/; classtype:trojan-activity;sid:83932864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069765)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069765/; classtype:trojan-activity;sid:83932865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069760)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069760/; classtype:trojan-activity;sid:83932860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069761)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069761/; classtype:trojan-activity;sid:83932861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069762)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069762/; classtype:trojan-activity;sid:83932862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069753)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069753/; classtype:trojan-activity;sid:83932853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069754)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069754/; classtype:trojan-activity;sid:83932854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069755)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069755/; classtype:trojan-activity;sid:83932855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069756)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069756/; classtype:trojan-activity;sid:83932856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069757)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069757/; classtype:trojan-activity;sid:83932857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069758)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069758/; classtype:trojan-activity;sid:83932858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069759)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069759/; classtype:trojan-activity;sid:83932859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069752)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069752/; classtype:trojan-activity;sid:83932852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069742)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069742/; classtype:trojan-activity;sid:83932842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069743)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069743/; classtype:trojan-activity;sid:83932843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069744)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069744/; classtype:trojan-activity;sid:83932844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069745)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069745/; classtype:trojan-activity;sid:83932845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069746)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069746/; classtype:trojan-activity;sid:83932846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069747)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069747/; classtype:trojan-activity;sid:83932847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069748)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069748/; classtype:trojan-activity;sid:83932848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069749)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069749/; classtype:trojan-activity;sid:83932849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069750)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069750/; classtype:trojan-activity;sid:83932850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069751)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069751/; classtype:trojan-activity;sid:83932851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069734)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069734/; classtype:trojan-activity;sid:83932834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069735)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069735/; classtype:trojan-activity;sid:83932835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069736)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069736/; classtype:trojan-activity;sid:83932836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069737)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069737/; classtype:trojan-activity;sid:83932837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069738)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069738/; classtype:trojan-activity;sid:83932838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069739)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069739/; classtype:trojan-activity;sid:83932839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069740)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069740/; classtype:trojan-activity;sid:83932840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069741)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069741/; classtype:trojan-activity;sid:83932841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069731)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069731/; classtype:trojan-activity;sid:83932831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069732)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069732/; classtype:trojan-activity;sid:83932832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069733)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069733/; classtype:trojan-activity;sid:83932833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069729)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069729/; classtype:trojan-activity;sid:83932829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069730)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069730/; classtype:trojan-activity;sid:83932830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069726)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069726/; classtype:trojan-activity;sid:83932826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069727)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069727/; classtype:trojan-activity;sid:83932827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069728)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069728/; classtype:trojan-activity;sid:83932828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069717)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069717/; classtype:trojan-activity;sid:83932817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069718)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069718/; classtype:trojan-activity;sid:83932818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069719)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069719/; classtype:trojan-activity;sid:83932819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069720)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069720/; classtype:trojan-activity;sid:83932820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069721)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069721/; classtype:trojan-activity;sid:83932821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069722)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069722/; classtype:trojan-activity;sid:83932822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069723)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069723/; classtype:trojan-activity;sid:83932823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069724)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069724/; classtype:trojan-activity;sid:83932824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069725)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069725/; classtype:trojan-activity;sid:83932825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069709)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069709/; classtype:trojan-activity;sid:83932809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069710)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069710/; classtype:trojan-activity;sid:83932810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069711)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069711/; classtype:trojan-activity;sid:83932811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069712)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069712/; classtype:trojan-activity;sid:83932812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069713)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069713/; classtype:trojan-activity;sid:83932813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069714)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069714/; classtype:trojan-activity;sid:83932814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069715)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069715/; classtype:trojan-activity;sid:83932815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069716)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069716/; classtype:trojan-activity;sid:83932816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069703)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069703/; classtype:trojan-activity;sid:83932803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069704)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069704/; classtype:trojan-activity;sid:83932804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069705)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069705/; classtype:trojan-activity;sid:83932805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069706)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069706/; classtype:trojan-activity;sid:83932806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069707)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069707/; classtype:trojan-activity;sid:83932807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069708)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069708/; classtype:trojan-activity;sid:83932808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069699)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069699/; classtype:trojan-activity;sid:83932799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069700)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069700/; classtype:trojan-activity;sid:83932800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069701)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069701/; classtype:trojan-activity;sid:83932801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069702)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069702/; classtype:trojan-activity;sid:83932802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069695)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069695/; classtype:trojan-activity;sid:83932795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069696)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069696/; classtype:trojan-activity;sid:83932796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069697)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069697/; classtype:trojan-activity;sid:83932797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069698)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069698/; classtype:trojan-activity;sid:83932798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069694)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069694/; classtype:trojan-activity;sid:83932794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069691)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069691/; classtype:trojan-activity;sid:83932791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069692)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069692/; classtype:trojan-activity;sid:83932792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069693)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069693/; classtype:trojan-activity;sid:83932793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069687)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069687/; classtype:trojan-activity;sid:83932787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069688)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069688/; classtype:trojan-activity;sid:83932788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069689)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069689/; classtype:trojan-activity;sid:83932789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069690)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069690/; classtype:trojan-activity;sid:83932790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069681)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069681/; classtype:trojan-activity;sid:83932781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069682)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069682/; classtype:trojan-activity;sid:83932782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069683)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069683/; classtype:trojan-activity;sid:83932783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069684)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069684/; classtype:trojan-activity;sid:83932784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069685)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069685/; classtype:trojan-activity;sid:83932785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069686)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069686/; classtype:trojan-activity;sid:83932786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069676)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069676/; classtype:trojan-activity;sid:83932776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069677)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069677/; classtype:trojan-activity;sid:83932777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069678)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069678/; classtype:trojan-activity;sid:83932778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069679)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069679/; classtype:trojan-activity;sid:83932779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069680)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069680/; classtype:trojan-activity;sid:83932780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069672)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069672/; classtype:trojan-activity;sid:83932772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069673)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069673/; classtype:trojan-activity;sid:83932773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069674)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069674/; classtype:trojan-activity;sid:83932774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069675)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069675/; classtype:trojan-activity;sid:83932775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069661)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069661/; classtype:trojan-activity;sid:83932761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069662)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069662/; classtype:trojan-activity;sid:83932762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069663)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069663/; classtype:trojan-activity;sid:83932763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069664)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069664/; classtype:trojan-activity;sid:83932764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069665)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069665/; classtype:trojan-activity;sid:83932765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069666)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069666/; classtype:trojan-activity;sid:83932766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069667)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069667/; classtype:trojan-activity;sid:83932767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069668)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069668/; classtype:trojan-activity;sid:83932768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069669)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069669/; classtype:trojan-activity;sid:83932769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069670)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069670/; classtype:trojan-activity;sid:83932770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069671)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069671/; classtype:trojan-activity;sid:83932771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069655)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069655/; classtype:trojan-activity;sid:83932755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069656)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069656/; classtype:trojan-activity;sid:83932756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069657)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069657/; classtype:trojan-activity;sid:83932757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069658)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069658/; classtype:trojan-activity;sid:83932758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069659)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069659/; classtype:trojan-activity;sid:83932759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069660)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069660/; classtype:trojan-activity;sid:83932760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069651)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069651/; classtype:trojan-activity;sid:83932751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069652)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069652/; classtype:trojan-activity;sid:83932752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069653)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069653/; classtype:trojan-activity;sid:83932753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069654)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069654/; classtype:trojan-activity;sid:83932754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069648)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069648/; classtype:trojan-activity;sid:83932748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069649)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069649/; classtype:trojan-activity;sid:83932749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069650)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069650/; classtype:trojan-activity;sid:83932750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069641)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069641/; classtype:trojan-activity;sid:83932741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069642)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069642/; classtype:trojan-activity;sid:83932742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069643)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069643/; classtype:trojan-activity;sid:83932743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069644)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069644/; classtype:trojan-activity;sid:83932744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069645)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069645/; classtype:trojan-activity;sid:83932745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069646)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069646/; classtype:trojan-activity;sid:83932746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069647)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069647/; classtype:trojan-activity;sid:83932747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069639)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069639/; classtype:trojan-activity;sid:83932739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069640)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069640/; classtype:trojan-activity;sid:83932740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069633)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069633/; classtype:trojan-activity;sid:83932733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069634)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069634/; classtype:trojan-activity;sid:83932734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069635)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069635/; classtype:trojan-activity;sid:83932735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069636)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069636/; classtype:trojan-activity;sid:83932736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069637)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069637/; classtype:trojan-activity;sid:83932737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069638)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069638/; classtype:trojan-activity;sid:83932738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069626)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069626/; classtype:trojan-activity;sid:83932726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069627)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069627/; classtype:trojan-activity;sid:83932727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069628)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069628/; classtype:trojan-activity;sid:83932728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069629)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069629/; classtype:trojan-activity;sid:83932729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069630)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069630/; classtype:trojan-activity;sid:83932730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069631)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069631/; classtype:trojan-activity;sid:83932731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069632)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069632/; classtype:trojan-activity;sid:83932732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069617)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069617/; classtype:trojan-activity;sid:83932717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069618)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069618/; classtype:trojan-activity;sid:83932718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069619)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069619/; classtype:trojan-activity;sid:83932719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069620)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069620/; classtype:trojan-activity;sid:83932720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069621)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069621/; classtype:trojan-activity;sid:83932721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069622)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069622/; classtype:trojan-activity;sid:83932722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069623)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069623/; classtype:trojan-activity;sid:83932723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069624)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069624/; classtype:trojan-activity;sid:83932724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069625)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069625/; classtype:trojan-activity;sid:83932725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069612)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069612/; classtype:trojan-activity;sid:83932712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069613)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069613/; classtype:trojan-activity;sid:83932713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069614)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069614/; classtype:trojan-activity;sid:83932714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069615)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069615/; classtype:trojan-activity;sid:83932715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069616)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069616/; classtype:trojan-activity;sid:83932716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069609)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069609/; classtype:trojan-activity;sid:83932709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069610)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069610/; classtype:trojan-activity;sid:83932710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069611)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069611/; classtype:trojan-activity;sid:83932711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069605)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069605/; classtype:trojan-activity;sid:83932705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069606)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069606/; classtype:trojan-activity;sid:83932706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069607)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069607/; classtype:trojan-activity;sid:83932707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069608)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069608/; classtype:trojan-activity;sid:83932708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069602)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069602/; classtype:trojan-activity;sid:83932702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069603)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069603/; classtype:trojan-activity;sid:83932703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069604)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069604/; classtype:trojan-activity;sid:83932704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069599)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069599/; classtype:trojan-activity;sid:83932699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069600)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069600/; classtype:trojan-activity;sid:83932700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069601)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069601/; classtype:trojan-activity;sid:83932701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069595)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069595/; classtype:trojan-activity;sid:83932695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069596)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069596/; classtype:trojan-activity;sid:83932696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069597)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069597/; classtype:trojan-activity;sid:83932697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069598)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069598/; classtype:trojan-activity;sid:83932698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069589)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069589/; classtype:trojan-activity;sid:83932689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069590)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069590/; classtype:trojan-activity;sid:83932690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069591)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069591/; classtype:trojan-activity;sid:83932691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069592)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069592/; classtype:trojan-activity;sid:83932692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069593)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069593/; classtype:trojan-activity;sid:83932693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069594)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069594/; classtype:trojan-activity;sid:83932694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069586)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069586/; classtype:trojan-activity;sid:83932686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069587)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069587/; classtype:trojan-activity;sid:83932687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069588)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069588/; classtype:trojan-activity;sid:83932688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069580)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069580/; classtype:trojan-activity;sid:83932680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069581)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069581/; classtype:trojan-activity;sid:83932681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069582)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069582/; classtype:trojan-activity;sid:83932682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069583)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069583/; classtype:trojan-activity;sid:83932683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069584)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069584/; classtype:trojan-activity;sid:83932684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069585)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069585/; classtype:trojan-activity;sid:83932685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069578)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069578/; classtype:trojan-activity;sid:83932678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069579)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069579/; classtype:trojan-activity;sid:83932679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069577)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069577/; classtype:trojan-activity;sid:83932677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069571)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069571/; classtype:trojan-activity;sid:83932671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069572)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069572/; classtype:trojan-activity;sid:83932672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069573)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069573/; classtype:trojan-activity;sid:83932673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069574)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069574/; classtype:trojan-activity;sid:83932674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069575)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069575/; classtype:trojan-activity;sid:83932675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069576)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069576/; classtype:trojan-activity;sid:83932676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069568)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069568/; classtype:trojan-activity;sid:83932668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069569)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069569/; classtype:trojan-activity;sid:83932669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069570)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069570/; classtype:trojan-activity;sid:83932670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069561)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069561/; classtype:trojan-activity;sid:83932661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069562)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069562/; classtype:trojan-activity;sid:83932662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069563)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069563/; classtype:trojan-activity;sid:83932663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069564)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069564/; classtype:trojan-activity;sid:83932664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069565)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069565/; classtype:trojan-activity;sid:83932665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069566)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069566/; classtype:trojan-activity;sid:83932666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069567)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069567/; classtype:trojan-activity;sid:83932667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069558)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069558/; classtype:trojan-activity;sid:83932658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069559)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069559/; classtype:trojan-activity;sid:83932659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069560)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069560/; classtype:trojan-activity;sid:83932660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069551)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069551/; classtype:trojan-activity;sid:83932651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069552)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069552/; classtype:trojan-activity;sid:83932652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069553)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069553/; classtype:trojan-activity;sid:83932653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069554)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069554/; classtype:trojan-activity;sid:83932654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069555)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069555/; classtype:trojan-activity;sid:83932655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069556)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069556/; classtype:trojan-activity;sid:83932656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069557)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069557/; classtype:trojan-activity;sid:83932657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069550)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069550/; classtype:trojan-activity;sid:83932650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069546)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069546/; classtype:trojan-activity;sid:83932646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069547)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069547/; classtype:trojan-activity;sid:83932647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069548)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069548/; classtype:trojan-activity;sid:83932648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069549)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069549/; classtype:trojan-activity;sid:83932649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069541)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069541/; classtype:trojan-activity;sid:83932641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069542)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069542/; classtype:trojan-activity;sid:83932642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069543)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069543/; classtype:trojan-activity;sid:83932643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069544)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069544/; classtype:trojan-activity;sid:83932644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069545)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069545/; classtype:trojan-activity;sid:83932645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069535)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069535/; classtype:trojan-activity;sid:83932635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069536)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069536/; classtype:trojan-activity;sid:83932636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069537)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069537/; classtype:trojan-activity;sid:83932637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069538)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069538/; classtype:trojan-activity;sid:83932638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069539)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069539/; classtype:trojan-activity;sid:83932639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069540)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069540/; classtype:trojan-activity;sid:83932640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069527)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069527/; classtype:trojan-activity;sid:83932627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069528)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069528/; classtype:trojan-activity;sid:83932628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069529)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069529/; classtype:trojan-activity;sid:83932629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069530)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069530/; classtype:trojan-activity;sid:83932630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069531)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069531/; classtype:trojan-activity;sid:83932631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069532)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069532/; classtype:trojan-activity;sid:83932632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069533)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069533/; classtype:trojan-activity;sid:83932633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069534)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069534/; classtype:trojan-activity;sid:83932634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069518)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069518/; classtype:trojan-activity;sid:83932618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069519)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069519/; classtype:trojan-activity;sid:83932619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069520)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069520/; classtype:trojan-activity;sid:83932620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069521)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069521/; classtype:trojan-activity;sid:83932621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069522)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069522/; classtype:trojan-activity;sid:83932622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069523)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069523/; classtype:trojan-activity;sid:83932623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069524)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069524/; classtype:trojan-activity;sid:83932624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069525)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069525/; classtype:trojan-activity;sid:83932625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069526)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069526/; classtype:trojan-activity;sid:83932626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069513)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069513/; classtype:trojan-activity;sid:83932613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069514)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069514/; classtype:trojan-activity;sid:83932614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069515)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069515/; classtype:trojan-activity;sid:83932615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069516)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069516/; classtype:trojan-activity;sid:83932616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069517)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069517/; classtype:trojan-activity;sid:83932617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069512)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069512/; classtype:trojan-activity;sid:83932612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069508)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069508/; classtype:trojan-activity;sid:83932608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069509)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069509/; classtype:trojan-activity;sid:83932609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069510)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069510/; classtype:trojan-activity;sid:83932610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069511)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069511/; classtype:trojan-activity;sid:83932611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069503)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069503/; classtype:trojan-activity;sid:83932603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069504)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069504/; classtype:trojan-activity;sid:83932604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069505)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069505/; classtype:trojan-activity;sid:83932605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069506)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069506/; classtype:trojan-activity;sid:83932606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069507)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069507/; classtype:trojan-activity;sid:83932607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069501)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069501/; classtype:trojan-activity;sid:83932601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069502)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069502/; classtype:trojan-activity;sid:83932602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069497)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069497/; classtype:trojan-activity;sid:83932597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069498)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069498/; classtype:trojan-activity;sid:83932598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069499)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069499/; classtype:trojan-activity;sid:83932599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069500)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069500/; classtype:trojan-activity;sid:83932600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069495)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069495/; classtype:trojan-activity;sid:83932595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069496)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069496/; classtype:trojan-activity;sid:83932596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069487)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069487/; classtype:trojan-activity;sid:83932587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069488)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069488/; classtype:trojan-activity;sid:83932588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069489)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069489/; classtype:trojan-activity;sid:83932589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069490)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069490/; classtype:trojan-activity;sid:83932590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069491)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069491/; classtype:trojan-activity;sid:83932591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069492)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069492/; classtype:trojan-activity;sid:83932592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069493)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069493/; classtype:trojan-activity;sid:83932593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069494)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069494/; classtype:trojan-activity;sid:83932594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069482)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069482/; classtype:trojan-activity;sid:83932582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069483)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069483/; classtype:trojan-activity;sid:83932583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069484)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069484/; classtype:trojan-activity;sid:83932584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069485)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069485/; classtype:trojan-activity;sid:83932585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069486)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069486/; classtype:trojan-activity;sid:83932586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069480)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069480/; classtype:trojan-activity;sid:83932580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069481)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069481/; classtype:trojan-activity;sid:83932581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069473)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069473/; classtype:trojan-activity;sid:83932573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069474)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069474/; classtype:trojan-activity;sid:83932574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069475)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069475/; classtype:trojan-activity;sid:83932575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069476)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069476/; classtype:trojan-activity;sid:83932576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069477)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069477/; classtype:trojan-activity;sid:83932577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069478)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069478/; classtype:trojan-activity;sid:83932578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069479)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069479/; classtype:trojan-activity;sid:83932579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069464)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069464/; classtype:trojan-activity;sid:83932564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069465)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069465/; classtype:trojan-activity;sid:83932565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069466)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069466/; classtype:trojan-activity;sid:83932566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069467)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069467/; classtype:trojan-activity;sid:83932567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069468)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069468/; classtype:trojan-activity;sid:83932568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069469)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069469/; classtype:trojan-activity;sid:83932569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069470)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069470/; classtype:trojan-activity;sid:83932570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069471)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069471/; classtype:trojan-activity;sid:83932571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069472)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069472/; classtype:trojan-activity;sid:83932572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069461)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069461/; classtype:trojan-activity;sid:83932561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069462)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069462/; classtype:trojan-activity;sid:83932562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069463)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069463/; classtype:trojan-activity;sid:83932563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069459)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069459/; classtype:trojan-activity;sid:83932559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069460)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069460/; classtype:trojan-activity;sid:83932560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069455)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069455/; classtype:trojan-activity;sid:83932555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069456)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069456/; classtype:trojan-activity;sid:83932556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069457)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069457/; classtype:trojan-activity;sid:83932557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069458)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069458/; classtype:trojan-activity;sid:83932558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069449)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069449/; classtype:trojan-activity;sid:83932549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069450)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069450/; classtype:trojan-activity;sid:83932550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069451)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069451/; classtype:trojan-activity;sid:83932551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069452)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069452/; classtype:trojan-activity;sid:83932552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069453)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069453/; classtype:trojan-activity;sid:83932553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069454)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069454/; classtype:trojan-activity;sid:83932554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069437)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069437/; classtype:trojan-activity;sid:83932537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069438)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069438/; classtype:trojan-activity;sid:83932538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069439)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069439/; classtype:trojan-activity;sid:83932539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069440)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069440/; classtype:trojan-activity;sid:83932540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069441)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069441/; classtype:trojan-activity;sid:83932541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069442)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069442/; classtype:trojan-activity;sid:83932542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069443)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069443/; classtype:trojan-activity;sid:83932543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069444)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069444/; classtype:trojan-activity;sid:83932544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069445)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069445/; classtype:trojan-activity;sid:83932545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069446)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069446/; classtype:trojan-activity;sid:83932546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069447)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069447/; classtype:trojan-activity;sid:83932547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069448)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069448/; classtype:trojan-activity;sid:83932548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069431)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069431/; classtype:trojan-activity;sid:83932531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069432)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069432/; classtype:trojan-activity;sid:83932532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069433)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069433/; classtype:trojan-activity;sid:83932533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069434)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069434/; classtype:trojan-activity;sid:83932534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069435)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069435/; classtype:trojan-activity;sid:83932535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069436)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069436/; classtype:trojan-activity;sid:83932536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069428)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069428/; classtype:trojan-activity;sid:83932528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069429)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069429/; classtype:trojan-activity;sid:83932529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069430)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069430/; classtype:trojan-activity;sid:83932530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069426)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069426/; classtype:trojan-activity;sid:83932526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069427)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069427/; classtype:trojan-activity;sid:83932527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069422)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069422/; classtype:trojan-activity;sid:83932522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069423)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069423/; classtype:trojan-activity;sid:83932523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069424)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069424/; classtype:trojan-activity;sid:83932524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069425)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069425/; classtype:trojan-activity;sid:83932525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069411)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069411/; classtype:trojan-activity;sid:83932511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069412)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069412/; classtype:trojan-activity;sid:83932512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069413)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069413/; classtype:trojan-activity;sid:83932513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069414)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069414/; classtype:trojan-activity;sid:83932514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069415)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069415/; classtype:trojan-activity;sid:83932515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069416)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069416/; classtype:trojan-activity;sid:83932516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069417)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069417/; classtype:trojan-activity;sid:83932517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069418)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069418/; classtype:trojan-activity;sid:83932518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069419)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069419/; classtype:trojan-activity;sid:83932519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069420)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069420/; classtype:trojan-activity;sid:83932520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069421)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069421/; classtype:trojan-activity;sid:83932521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069401)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069401/; classtype:trojan-activity;sid:83932501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069402)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069402/; classtype:trojan-activity;sid:83932502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069403)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069403/; classtype:trojan-activity;sid:83932503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069404)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069404/; classtype:trojan-activity;sid:83932504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069405)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069405/; classtype:trojan-activity;sid:83932505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069406)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069406/; classtype:trojan-activity;sid:83932506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069407)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069407/; classtype:trojan-activity;sid:83932507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069408)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069408/; classtype:trojan-activity;sid:83932508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069409)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069409/; classtype:trojan-activity;sid:83932509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069410)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069410/; classtype:trojan-activity;sid:83932510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069393)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069393/; classtype:trojan-activity;sid:83932493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069394)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069394/; classtype:trojan-activity;sid:83932494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069395)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069395/; classtype:trojan-activity;sid:83932495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069396)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069396/; classtype:trojan-activity;sid:83932496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069397)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069397/; classtype:trojan-activity;sid:83932497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069398)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069398/; classtype:trojan-activity;sid:83932498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069399)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069399/; classtype:trojan-activity;sid:83932499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069400)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069400/; classtype:trojan-activity;sid:83932500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069391)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069391/; classtype:trojan-activity;sid:83932491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069392)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069392/; classtype:trojan-activity;sid:83932492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069390)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069390/; classtype:trojan-activity;sid:83932490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069389)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069389/; classtype:trojan-activity;sid:83932489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069388)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069388/; classtype:trojan-activity;sid:83932488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069387)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069387/; classtype:trojan-activity;sid:83932487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069386)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069386/; classtype:trojan-activity;sid:83932486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069384)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069384/; classtype:trojan-activity;sid:83932484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069385)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069385/; classtype:trojan-activity;sid:83932485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069377)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069377/; classtype:trojan-activity;sid:83932477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069378)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069378/; classtype:trojan-activity;sid:83932478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069379)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069379/; classtype:trojan-activity;sid:83932479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069380)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069380/; classtype:trojan-activity;sid:83932480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069381)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069381/; classtype:trojan-activity;sid:83932481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069382)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069382/; classtype:trojan-activity;sid:83932482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069383)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069383/; classtype:trojan-activity;sid:83932483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069365)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069365/; classtype:trojan-activity;sid:83932465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069366)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069366/; classtype:trojan-activity;sid:83932466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069367)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069367/; classtype:trojan-activity;sid:83932467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069368)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069368/; classtype:trojan-activity;sid:83932468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069369)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069369/; classtype:trojan-activity;sid:83932469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069370)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069370/; classtype:trojan-activity;sid:83932470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069371)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069371/; classtype:trojan-activity;sid:83932471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069372)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069372/; classtype:trojan-activity;sid:83932472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069373)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069373/; classtype:trojan-activity;sid:83932473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069374)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069374/; classtype:trojan-activity;sid:83932474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069375)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069375/; classtype:trojan-activity;sid:83932475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069376)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069376/; classtype:trojan-activity;sid:83932476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069358)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069358/; classtype:trojan-activity;sid:83932458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069359)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069359/; classtype:trojan-activity;sid:83932459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069360)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069360/; classtype:trojan-activity;sid:83932460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069361)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069361/; classtype:trojan-activity;sid:83932461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069362)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069362/; classtype:trojan-activity;sid:83932462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069363)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069363/; classtype:trojan-activity;sid:83932463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069364)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069364/; classtype:trojan-activity;sid:83932464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069357)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069357/; classtype:trojan-activity;sid:83932457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069353)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069353/; classtype:trojan-activity;sid:83932453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069354)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069354/; classtype:trojan-activity;sid:83932454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069355)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069355/; classtype:trojan-activity;sid:83932455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069356)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069356/; classtype:trojan-activity;sid:83932456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069352)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069352/; classtype:trojan-activity;sid:83932452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069350)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069350/; classtype:trojan-activity;sid:83932450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069351)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069351/; classtype:trojan-activity;sid:83932451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069348)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069348/; classtype:trojan-activity;sid:83932448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069349)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069349/; classtype:trojan-activity;sid:83932449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069345)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069345/; classtype:trojan-activity;sid:83932445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069346)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069346/; classtype:trojan-activity;sid:83932446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069347)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069347/; classtype:trojan-activity;sid:83932447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069344)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069344/; classtype:trojan-activity;sid:83932444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069339)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069339/; classtype:trojan-activity;sid:83932439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069340)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069340/; classtype:trojan-activity;sid:83932440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069341)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069341/; classtype:trojan-activity;sid:83932441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069342)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069342/; classtype:trojan-activity;sid:83932442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069343)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069343/; classtype:trojan-activity;sid:83932443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069331)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069331/; classtype:trojan-activity;sid:83932431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069332)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069332/; classtype:trojan-activity;sid:83932432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069333)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069333/; classtype:trojan-activity;sid:83932433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069334)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069334/; classtype:trojan-activity;sid:83932434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069335)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069335/; classtype:trojan-activity;sid:83932435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069336)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069336/; classtype:trojan-activity;sid:83932436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069337)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069337/; classtype:trojan-activity;sid:83932437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069338)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069338/; classtype:trojan-activity;sid:83932438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069322)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069322/; classtype:trojan-activity;sid:83932422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069323)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069323/; classtype:trojan-activity;sid:83932423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069324)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069324/; classtype:trojan-activity;sid:83932424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069325)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069325/; classtype:trojan-activity;sid:83932425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069326)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069326/; classtype:trojan-activity;sid:83932426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069327)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069327/; classtype:trojan-activity;sid:83932427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069328)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069328/; classtype:trojan-activity;sid:83932428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069329)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069329/; classtype:trojan-activity;sid:83932429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069330)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069330/; classtype:trojan-activity;sid:83932430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069316)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069316/; classtype:trojan-activity;sid:83932416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069317)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069317/; classtype:trojan-activity;sid:83932417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069318)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069318/; classtype:trojan-activity;sid:83932418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069319)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069319/; classtype:trojan-activity;sid:83932419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069320)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069320/; classtype:trojan-activity;sid:83932420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069321)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069321/; classtype:trojan-activity;sid:83932421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069315)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069315/; classtype:trojan-activity;sid:83932415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069313)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069313/; classtype:trojan-activity;sid:83932413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069314)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069314/; classtype:trojan-activity;sid:83932414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069312)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069312/; classtype:trojan-activity;sid:83932412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069311)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069311/; classtype:trojan-activity;sid:83932411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069308)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069308/; classtype:trojan-activity;sid:83932408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069309)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069309/; classtype:trojan-activity;sid:83932409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069310)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069310/; classtype:trojan-activity;sid:83932410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069307)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069307/; classtype:trojan-activity;sid:83932407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069305)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069305/; classtype:trojan-activity;sid:83932405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069306)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069306/; classtype:trojan-activity;sid:83932406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069304)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069304/; classtype:trojan-activity;sid:83932404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069303)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069303/; classtype:trojan-activity;sid:83932403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069301)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069301/; classtype:trojan-activity;sid:83932401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069302)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069302/; classtype:trojan-activity;sid:83932402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069293)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069293/; classtype:trojan-activity;sid:83932393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069294)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069294/; classtype:trojan-activity;sid:83932394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069295)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069295/; classtype:trojan-activity;sid:83932395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069296)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069296/; classtype:trojan-activity;sid:83932396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069297)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069297/; classtype:trojan-activity;sid:83932397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069298)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069298/; classtype:trojan-activity;sid:83932398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069299)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069299/; classtype:trojan-activity;sid:83932399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069300)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069300/; classtype:trojan-activity;sid:83932400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069285)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069285/; classtype:trojan-activity;sid:83932385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069286)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069286/; classtype:trojan-activity;sid:83932386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069287)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069287/; classtype:trojan-activity;sid:83932387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069288)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069288/; classtype:trojan-activity;sid:83932388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069289)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069289/; classtype:trojan-activity;sid:83932389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069290)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069290/; classtype:trojan-activity;sid:83932390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069291)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069291/; classtype:trojan-activity;sid:83932391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069292)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069292/; classtype:trojan-activity;sid:83932392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069282)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069282/; classtype:trojan-activity;sid:83932382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069283)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069283/; classtype:trojan-activity;sid:83932383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069284)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069284/; classtype:trojan-activity;sid:83932384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069277)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069277/; classtype:trojan-activity;sid:83932377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069278)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069278/; classtype:trojan-activity;sid:83932378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069279)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069279/; classtype:trojan-activity;sid:83932379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069280)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069280/; classtype:trojan-activity;sid:83932380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069281)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069281/; classtype:trojan-activity;sid:83932381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069275)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069275/; classtype:trojan-activity;sid:83932375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069276)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069276/; classtype:trojan-activity;sid:83932376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069273)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069273/; classtype:trojan-activity;sid:83932373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069274)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069274/; classtype:trojan-activity;sid:83932374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069269)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069269/; classtype:trojan-activity;sid:83932369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069270)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069270/; classtype:trojan-activity;sid:83932370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069271)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069271/; classtype:trojan-activity;sid:83932371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069272)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069272/; classtype:trojan-activity;sid:83932372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069265)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069265/; classtype:trojan-activity;sid:83932365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069266)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069266/; classtype:trojan-activity;sid:83932366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069267)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069267/; classtype:trojan-activity;sid:83932367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069268)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069268/; classtype:trojan-activity;sid:83932368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069252)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069252/; classtype:trojan-activity;sid:83932352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069253)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069253/; classtype:trojan-activity;sid:83932353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069254)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069254/; classtype:trojan-activity;sid:83932354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069255)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069255/; classtype:trojan-activity;sid:83932355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069256)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069256/; classtype:trojan-activity;sid:83932356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069257)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069257/; classtype:trojan-activity;sid:83932357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069258)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069258/; classtype:trojan-activity;sid:83932358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069259)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069259/; classtype:trojan-activity;sid:83932359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069260)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069260/; classtype:trojan-activity;sid:83932360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069261)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069261/; classtype:trojan-activity;sid:83932361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069262)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069262/; classtype:trojan-activity;sid:83932362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069263)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069263/; classtype:trojan-activity;sid:83932363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069264)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069264/; classtype:trojan-activity;sid:83932364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069250)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069250/; classtype:trojan-activity;sid:83932350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069251)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069251/; classtype:trojan-activity;sid:83932351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069247)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069247/; classtype:trojan-activity;sid:83932347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069248)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069248/; classtype:trojan-activity;sid:83932348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069249)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069249/; classtype:trojan-activity;sid:83932349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069242)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069242/; classtype:trojan-activity;sid:83932342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069243)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069243/; classtype:trojan-activity;sid:83932343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069244)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069244/; classtype:trojan-activity;sid:83932344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069245)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069245/; classtype:trojan-activity;sid:83932345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069246)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069246/; classtype:trojan-activity;sid:83932346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069236)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069236/; classtype:trojan-activity;sid:83932336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069237)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069237/; classtype:trojan-activity;sid:83932337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069238)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069238/; classtype:trojan-activity;sid:83932338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069239)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069239/; classtype:trojan-activity;sid:83932339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069240)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069240/; classtype:trojan-activity;sid:83932340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069241)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069241/; classtype:trojan-activity;sid:83932341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069231)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069231/; classtype:trojan-activity;sid:83932331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069232)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069232/; classtype:trojan-activity;sid:83932332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069233)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069233/; classtype:trojan-activity;sid:83932333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069234)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069234/; classtype:trojan-activity;sid:83932334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069235)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069235/; classtype:trojan-activity;sid:83932335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069227)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069227/; classtype:trojan-activity;sid:83932327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069228)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069228/; classtype:trojan-activity;sid:83932328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069229)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069229/; classtype:trojan-activity;sid:83932329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069230)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069230/; classtype:trojan-activity;sid:83932330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069216)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069216/; classtype:trojan-activity;sid:83932316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069217)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069217/; classtype:trojan-activity;sid:83932317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069218)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069218/; classtype:trojan-activity;sid:83932318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069219)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069219/; classtype:trojan-activity;sid:83932319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069220)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069220/; classtype:trojan-activity;sid:83932320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069221)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069221/; classtype:trojan-activity;sid:83932321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069222)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069222/; classtype:trojan-activity;sid:83932322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069223)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069223/; classtype:trojan-activity;sid:83932323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069224)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069224/; classtype:trojan-activity;sid:83932324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069225)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069225/; classtype:trojan-activity;sid:83932325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069226)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069226/; classtype:trojan-activity;sid:83932326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069214)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069214/; classtype:trojan-activity;sid:83932314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069215)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069215/; classtype:trojan-activity;sid:83932315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069206)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069206/; classtype:trojan-activity;sid:83932306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069207)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069207/; classtype:trojan-activity;sid:83932307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069208)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069208/; classtype:trojan-activity;sid:83932308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069209)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069209/; classtype:trojan-activity;sid:83932309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069210)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069210/; classtype:trojan-activity;sid:83932310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069211)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069211/; classtype:trojan-activity;sid:83932311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069212)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069212/; classtype:trojan-activity;sid:83932312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069213)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069213/; classtype:trojan-activity;sid:83932313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069196)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069196/; classtype:trojan-activity;sid:83932296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069197)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069197/; classtype:trojan-activity;sid:83932297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069198)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069198/; classtype:trojan-activity;sid:83932298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069199)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069199/; classtype:trojan-activity;sid:83932299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069200)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069200/; classtype:trojan-activity;sid:83932300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069201)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069201/; classtype:trojan-activity;sid:83932301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069202)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069202/; classtype:trojan-activity;sid:83932302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069203)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069203/; classtype:trojan-activity;sid:83932303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069204)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069204/; classtype:trojan-activity;sid:83932304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069205)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069205/; classtype:trojan-activity;sid:83932305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069193)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069193/; classtype:trojan-activity;sid:83932293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069194)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069194/; classtype:trojan-activity;sid:83932294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069195)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069195/; classtype:trojan-activity;sid:83932295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069188)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069188/; classtype:trojan-activity;sid:83932288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069189)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069189/; classtype:trojan-activity;sid:83932289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069190)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069190/; classtype:trojan-activity;sid:83932290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069191)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069191/; classtype:trojan-activity;sid:83932291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069192)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069192/; classtype:trojan-activity;sid:83932292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069184)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069184/; classtype:trojan-activity;sid:83932284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069185)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069185/; classtype:trojan-activity;sid:83932285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069186)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069186/; classtype:trojan-activity;sid:83932286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069187)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069187/; classtype:trojan-activity;sid:83932287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069182)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069182/; classtype:trojan-activity;sid:83932282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069183)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069183/; classtype:trojan-activity;sid:83932283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069179)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069179/; classtype:trojan-activity;sid:83932279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069180)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069180/; classtype:trojan-activity;sid:83932280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069181)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069181/; classtype:trojan-activity;sid:83932281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069174)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069174/; classtype:trojan-activity;sid:83932274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069175)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069175/; classtype:trojan-activity;sid:83932275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069176)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069176/; classtype:trojan-activity;sid:83932276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069177)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069177/; classtype:trojan-activity;sid:83932277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069178)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069178/; classtype:trojan-activity;sid:83932278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069168)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069168/; classtype:trojan-activity;sid:83932268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069169)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069169/; classtype:trojan-activity;sid:83932269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069170)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069170/; classtype:trojan-activity;sid:83932270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069171)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069171/; classtype:trojan-activity;sid:83932271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069172)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069172/; classtype:trojan-activity;sid:83932272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069173)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069173/; classtype:trojan-activity;sid:83932273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069161)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069161/; classtype:trojan-activity;sid:83932261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069162)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069162/; classtype:trojan-activity;sid:83932262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069163)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069163/; classtype:trojan-activity;sid:83932263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069164)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069164/; classtype:trojan-activity;sid:83932264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069165)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069165/; classtype:trojan-activity;sid:83932265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069166)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069166/; classtype:trojan-activity;sid:83932266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069167)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069167/; classtype:trojan-activity;sid:83932267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069159)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069159/; classtype:trojan-activity;sid:83932259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069160)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069160/; classtype:trojan-activity;sid:83932260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069156)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069156/; classtype:trojan-activity;sid:83932256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069157)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069157/; classtype:trojan-activity;sid:83932257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069158)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069158/; classtype:trojan-activity;sid:83932258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069150)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069150/; classtype:trojan-activity;sid:83932250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069151)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069151/; classtype:trojan-activity;sid:83932251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069152)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069152/; classtype:trojan-activity;sid:83932252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069153)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069153/; classtype:trojan-activity;sid:83932253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069154)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069154/; classtype:trojan-activity;sid:83932254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069155)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069155/; classtype:trojan-activity;sid:83932255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069145)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069145/; classtype:trojan-activity;sid:83932245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069146)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069146/; classtype:trojan-activity;sid:83932246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069147)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069147/; classtype:trojan-activity;sid:83932247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069148)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069148/; classtype:trojan-activity;sid:83932248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069149)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069149/; classtype:trojan-activity;sid:83932249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069140)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069140/; classtype:trojan-activity;sid:83932240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069141)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069141/; classtype:trojan-activity;sid:83932241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069142)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069142/; classtype:trojan-activity;sid:83932242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069143)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069143/; classtype:trojan-activity;sid:83932243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069144)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069144/; classtype:trojan-activity;sid:83932244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069138)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069138/; classtype:trojan-activity;sid:83932238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069139)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069139/; classtype:trojan-activity;sid:83932239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069128)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069128/; classtype:trojan-activity;sid:83932228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069129)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069129/; classtype:trojan-activity;sid:83932229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069130)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069130/; classtype:trojan-activity;sid:83932230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069131)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069131/; classtype:trojan-activity;sid:83932231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069132)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069132/; classtype:trojan-activity;sid:83932232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069133)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069133/; classtype:trojan-activity;sid:83932233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069134)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069134/; classtype:trojan-activity;sid:83932234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069135)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069135/; classtype:trojan-activity;sid:83932235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069136)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069136/; classtype:trojan-activity;sid:83932236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069137)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069137/; classtype:trojan-activity;sid:83932237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069127)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069127/; classtype:trojan-activity;sid:83932227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069124)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069124/; classtype:trojan-activity;sid:83932224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069125)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069125/; classtype:trojan-activity;sid:83932225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069126)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069126/; classtype:trojan-activity;sid:83932226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069117)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069117/; classtype:trojan-activity;sid:83932217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069118)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069118/; classtype:trojan-activity;sid:83932218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069119)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069119/; classtype:trojan-activity;sid:83932219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069120)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069120/; classtype:trojan-activity;sid:83932220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069121)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069121/; classtype:trojan-activity;sid:83932221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069122)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069122/; classtype:trojan-activity;sid:83932222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069123)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069123/; classtype:trojan-activity;sid:83932223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069112)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069112/; classtype:trojan-activity;sid:83932212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069113)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069113/; classtype:trojan-activity;sid:83932213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069114)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069114/; classtype:trojan-activity;sid:83932214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069115)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069115/; classtype:trojan-activity;sid:83932215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069116)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069116/; classtype:trojan-activity;sid:83932216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069108)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069108/; classtype:trojan-activity;sid:83932208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069109)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069109/; classtype:trojan-activity;sid:83932209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069110)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069110/; classtype:trojan-activity;sid:83932210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069111)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069111/; classtype:trojan-activity;sid:83932211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069104)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069104/; classtype:trojan-activity;sid:83932204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069105)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069105/; classtype:trojan-activity;sid:83932205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069106)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069106/; classtype:trojan-activity;sid:83932206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069107)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069107/; classtype:trojan-activity;sid:83932207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069099)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069099/; classtype:trojan-activity;sid:83932199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069100)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069100/; classtype:trojan-activity;sid:83932200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069101)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069101/; classtype:trojan-activity;sid:83932201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069102)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069102/; classtype:trojan-activity;sid:83932202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069103)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069103/; classtype:trojan-activity;sid:83932203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069088)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069088/; classtype:trojan-activity;sid:83932188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069089)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069089/; classtype:trojan-activity;sid:83932189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069090)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069090/; classtype:trojan-activity;sid:83932190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069091)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069091/; classtype:trojan-activity;sid:83932191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069092)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069092/; classtype:trojan-activity;sid:83932192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069093)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069093/; classtype:trojan-activity;sid:83932193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069094)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069094/; classtype:trojan-activity;sid:83932194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069095)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069095/; classtype:trojan-activity;sid:83932195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069096)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069096/; classtype:trojan-activity;sid:83932196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069097)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069097/; classtype:trojan-activity;sid:83932197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069098)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069098/; classtype:trojan-activity;sid:83932198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069080)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069080/; classtype:trojan-activity;sid:83932180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069081)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069081/; classtype:trojan-activity;sid:83932181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069082)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069082/; classtype:trojan-activity;sid:83932182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069083)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069083/; classtype:trojan-activity;sid:83932183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069084)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069084/; classtype:trojan-activity;sid:83932184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069085)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069085/; classtype:trojan-activity;sid:83932185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069086)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069086/; classtype:trojan-activity;sid:83932186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069087)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069087/; classtype:trojan-activity;sid:83932187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069074)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069074/; classtype:trojan-activity;sid:83932174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069075)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069075/; classtype:trojan-activity;sid:83932175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069076)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069076/; classtype:trojan-activity;sid:83932176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069077)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069077/; classtype:trojan-activity;sid:83932177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069078)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069078/; classtype:trojan-activity;sid:83932178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069079)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069079/; classtype:trojan-activity;sid:83932179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069067)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069067/; classtype:trojan-activity;sid:83932167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069068)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069068/; classtype:trojan-activity;sid:83932168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069069)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069069/; classtype:trojan-activity;sid:83932169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069070)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069070/; classtype:trojan-activity;sid:83932170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069071)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069071/; classtype:trojan-activity;sid:83932171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069072)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069072/; classtype:trojan-activity;sid:83932172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069073)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069073/; classtype:trojan-activity;sid:83932173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069064)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069064/; classtype:trojan-activity;sid:83932164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069065)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069065/; classtype:trojan-activity;sid:83932165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069066)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069066/; classtype:trojan-activity;sid:83932166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069056)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069056/; classtype:trojan-activity;sid:83932156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069057)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069057/; classtype:trojan-activity;sid:83932157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069058)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069058/; classtype:trojan-activity;sid:83932158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069059)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069059/; classtype:trojan-activity;sid:83932159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069060)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069060/; classtype:trojan-activity;sid:83932160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069061)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069061/; classtype:trojan-activity;sid:83932161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069062)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069062/; classtype:trojan-activity;sid:83932162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069063)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069063/; classtype:trojan-activity;sid:83932163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069044)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069044/; classtype:trojan-activity;sid:83932144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069045)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069045/; classtype:trojan-activity;sid:83932145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069046)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069046/; classtype:trojan-activity;sid:83932146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069047)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069047/; classtype:trojan-activity;sid:83932147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069048)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069048/; classtype:trojan-activity;sid:83932148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069049)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069049/; classtype:trojan-activity;sid:83932149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069050)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069050/; classtype:trojan-activity;sid:83932150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069051)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069051/; classtype:trojan-activity;sid:83932151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069052)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069052/; classtype:trojan-activity;sid:83932152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069053)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069053/; classtype:trojan-activity;sid:83932153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069054)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069054/; classtype:trojan-activity;sid:83932154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069055)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069055/; classtype:trojan-activity;sid:83932155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069039)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069039/; classtype:trojan-activity;sid:83932139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069040)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069040/; classtype:trojan-activity;sid:83932140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069041)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069041/; classtype:trojan-activity;sid:83932141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069042)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069042/; classtype:trojan-activity;sid:83932142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069043)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069043/; classtype:trojan-activity;sid:83932143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069034)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069034/; classtype:trojan-activity;sid:83932134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069035)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069035/; classtype:trojan-activity;sid:83932135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069036)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069036/; classtype:trojan-activity;sid:83932136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069037)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069037/; classtype:trojan-activity;sid:83932137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069038)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069038/; classtype:trojan-activity;sid:83932138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069026)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069026/; classtype:trojan-activity;sid:83932126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069027)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069027/; classtype:trojan-activity;sid:83932127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069028)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069028/; classtype:trojan-activity;sid:83932128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069029)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069029/; classtype:trojan-activity;sid:83932129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069030)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069030/; classtype:trojan-activity;sid:83932130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069031)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069031/; classtype:trojan-activity;sid:83932131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069032)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069032/; classtype:trojan-activity;sid:83932132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069033)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069033/; classtype:trojan-activity;sid:83932133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069016)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069016/; classtype:trojan-activity;sid:83932116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069017)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069017/; classtype:trojan-activity;sid:83932117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069018)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069018/; classtype:trojan-activity;sid:83932118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069019)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069019/; classtype:trojan-activity;sid:83932119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069020)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"72ec8d09-fce8-4272-9829-f4a17ae33269.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069020/; classtype:trojan-activity;sid:83932120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069021)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069021/; classtype:trojan-activity;sid:83932121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069022)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069022/; classtype:trojan-activity;sid:83932122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069023)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069023/; classtype:trojan-activity;sid:83932123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069024)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069024/; classtype:trojan-activity;sid:83932124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069025)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069025/; classtype:trojan-activity;sid:83932125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069015)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069015/; classtype:trojan-activity;sid:83932115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069005)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069005/; classtype:trojan-activity;sid:83932105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069006)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069006/; classtype:trojan-activity;sid:83932106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069007)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069007/; classtype:trojan-activity;sid:83932107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069008)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069008/; classtype:trojan-activity;sid:83932108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069009)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069009/; classtype:trojan-activity;sid:83932109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069010)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069010/; classtype:trojan-activity;sid:83932110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069011)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069011/; classtype:trojan-activity;sid:83932111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069012)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069012/; classtype:trojan-activity;sid:83932112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069013)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069013/; classtype:trojan-activity;sid:83932113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069014)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069014/; classtype:trojan-activity;sid:83932114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069001)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069001/; classtype:trojan-activity;sid:83932101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069002)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069002/; classtype:trojan-activity;sid:83932102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069003)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069003/; classtype:trojan-activity;sid:83932103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069004)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069004/; classtype:trojan-activity;sid:83932104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068984)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"yqpbmbpwksl.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068984/; classtype:trojan-activity;sid:83932084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068985)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bcc3d8ee-9718-4d4d-8494-2b5fc0b685be.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068985/; classtype:trojan-activity;sid:83932085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068986)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rfddsdaajbs.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068986/; classtype:trojan-activity;sid:83932086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068987)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"4841a27a-aeca-4563-9acf-b84bd2e4a572.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068987/; classtype:trojan-activity;sid:83932087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068988)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c0349eb0-28fb-48be-b636-b866060fb0a1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068988/; classtype:trojan-activity;sid:83932088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068989)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bef08220-795f-4c88-a211-13dfc2d20d4c.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068989/; classtype:trojan-activity;sid:83932089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068990)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"demo.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068990/; classtype:trojan-activity;sid:83932090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068991)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"9d4e04ce-a517-4d13-a463-30c7edb00ca5.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068991/; classtype:trojan-activity;sid:83932091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068992)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"faf52996-68c1-46a1-b531-b14d611d20e3.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068992/; classtype:trojan-activity;sid:83932092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068993)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c7797d6a-28d9-4e99-81f1-98c0567e46ad.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068993/; classtype:trojan-activity;sid:83932093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068994)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"skyjsihnqew.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068994/; classtype:trojan-activity;sid:83932094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068995)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"wmmzcodukxm.aefiabeuodbauobfafoebbf.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068995/; classtype:trojan-activity;sid:83932095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068996)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"32326df1-21cb-49ce-8424-4802f8af9fdd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068996/; classtype:trojan-activity;sid:83932096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068997)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"7db24a1f-1cdd-4190-89ec-b2765dadb2cd.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068997/; classtype:trojan-activity;sid:83932097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068998)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"72d673a1-eb79-49af-9da0-269b13f9ac9f.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068998/; classtype:trojan-activity;sid:83932098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068999)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fd8a7ef9-faae-4c3c-814a-376eb024783e.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068999/; classtype:trojan-activity;sid:83932099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069000)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"smtp.aefiabeuodbauobfafoebbf.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069000/; classtype:trojan-activity;sid:83932100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068978)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"4b488e51-f1ae-4819-8709-fb213d2875cd.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068978/; classtype:trojan-activity;sid:83932078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068979)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068979/; classtype:trojan-activity;sid:83932079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068980)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cef331d9-c605-4d06-aa84-b25d5c7662ac.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068980/; classtype:trojan-activity;sid:83932080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068981)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"e9ee228b-57e8-4349-a41e-71a7b6d67aa2.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068981/; classtype:trojan-activity;sid:83932081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068982)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"601a893a-e60f-4252-8810-13698bb2abc1.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068982/; classtype:trojan-activity;sid:83932082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068983)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"privacy.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068983/; classtype:trojan-activity;sid:83932083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068970)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.fihsifuiiusuiuduf.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068970/; classtype:trojan-activity;sid:83932070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068971)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2173c68b-2260-4810-9a81-774ef2ab2048.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068971/; classtype:trojan-activity;sid:83932071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068972)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aeoghehofu.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068972/; classtype:trojan-activity;sid:83932072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068973)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068973/; classtype:trojan-activity;sid:83932073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068974)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c99d2b10-b6a8-474b-a0b8-96d8118e5ffe.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068974/; classtype:trojan-activity;sid:83932074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068975)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eff6743c-caa4-48bb-ab72-f3a43bf81e0e.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068975/; classtype:trojan-activity;sid:83932075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068976)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"691b7289-27a2-4daf-9e9b-485fe30d2331.random.fihsifuiiusuiuduf.com"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068976/; classtype:trojan-activity;sid:83932076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068977)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"71b002e7-9c3a-45c2-9708-01ddfacca838.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068977/; classtype:trojan-activity;sid:83932077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068964)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dev.aefiabeuodbauobfafoebbf.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068964/; classtype:trojan-activity;sid:83932064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068965)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068965/; classtype:trojan-activity;sid:83932065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068966)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webmail.aefiabeuodbauobfafoebbf.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068966/; classtype:trojan-activity;sid:83932066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068967)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aoruuoooshfrohle.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068967/; classtype:trojan-activity;sid:83932067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068968)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aebbf21e-8b29-43b7-bb9f-7cb1d7c4afe4.random.aefiabeuodbauobfafoebbf.net"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068968/; classtype:trojan-activity;sid:83932068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068969)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gztcpcmynls.fihsifuiiusuiuduf.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068969/; classtype:trojan-activity;sid:83932069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068963)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ruym.loyalty.hienphucuanhanloai.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068963/; classtype:trojan-activity;sid:83932063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068962/; classtype:trojan-activity;sid:83932062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.10.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068961/; classtype:trojan-activity;sid:83932061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068960/; classtype:trojan-activity;sid:83932060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.76.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068959/; classtype:trojan-activity;sid:83932059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.66.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068958/; classtype:trojan-activity;sid:83932058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.46.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068957/; classtype:trojan-activity;sid:83932057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068954/; classtype:trojan-activity;sid:83932054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.60.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068955/; classtype:trojan-activity;sid:83932055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.54.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068956/; classtype:trojan-activity;sid:83932056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.60.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068953/; classtype:trojan-activity;sid:83932053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.90.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068952/; classtype:trojan-activity;sid:83932052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.236.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068951/; classtype:trojan-activity;sid:83932051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.116.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068950/; classtype:trojan-activity;sid:83932050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068949/; classtype:trojan-activity;sid:83932049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.255.20.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068948/; classtype:trojan-activity;sid:83932048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068947)"; flow:established,from_client; content:"GET"; http_method; content:"/blink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"139.155.1.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068947/; classtype:trojan-activity;sid:83932047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.67.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068946/; classtype:trojan-activity;sid:83932046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068945/; classtype:trojan-activity;sid:83932045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.213.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068944/; classtype:trojan-activity;sid:83932044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068941)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068941/; classtype:trojan-activity;sid:83932041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068942)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068942/; classtype:trojan-activity;sid:83932042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068943)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068943/; classtype:trojan-activity;sid:83932043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068920)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068920/; classtype:trojan-activity;sid:83932020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068921)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068921/; classtype:trojan-activity;sid:83932021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.118.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068922/; classtype:trojan-activity;sid:83932022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068923)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068923/; classtype:trojan-activity;sid:83932023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068924)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068924/; classtype:trojan-activity;sid:83932024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068925)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068925/; classtype:trojan-activity;sid:83932025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068926)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068926/; classtype:trojan-activity;sid:83932026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068927)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068927/; classtype:trojan-activity;sid:83932027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068928)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068928/; classtype:trojan-activity;sid:83932028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068929)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068929/; classtype:trojan-activity;sid:83932029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068930)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068930/; classtype:trojan-activity;sid:83932030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068931)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068931/; classtype:trojan-activity;sid:83932031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068932)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068932/; classtype:trojan-activity;sid:83932032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068933)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068933/; classtype:trojan-activity;sid:83932033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068934)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068934/; classtype:trojan-activity;sid:83932034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068935)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068935/; classtype:trojan-activity;sid:83932035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068936)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068936/; classtype:trojan-activity;sid:83932036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068937)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068937/; classtype:trojan-activity;sid:83932037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068938)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068938/; classtype:trojan-activity;sid:83932038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068939)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068939/; classtype:trojan-activity;sid:83932039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068940)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068940/; classtype:trojan-activity;sid:83932040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068913)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068913/; classtype:trojan-activity;sid:83932013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068914)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068914/; classtype:trojan-activity;sid:83932014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068915)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068915/; classtype:trojan-activity;sid:83932015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068916)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068916/; classtype:trojan-activity;sid:83932016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068917)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068917/; classtype:trojan-activity;sid:83932017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068918)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068918/; classtype:trojan-activity;sid:83932018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068919)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068919/; classtype:trojan-activity;sid:83932019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068899)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068899/; classtype:trojan-activity;sid:83931999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068900)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068900/; classtype:trojan-activity;sid:83932000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068901)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068901/; classtype:trojan-activity;sid:83932001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068902)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068902/; classtype:trojan-activity;sid:83932002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068903)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068903/; classtype:trojan-activity;sid:83932003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068904)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068904/; classtype:trojan-activity;sid:83932004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068905)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068905/; classtype:trojan-activity;sid:83932005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068906)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068906/; classtype:trojan-activity;sid:83932006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068907)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068907/; classtype:trojan-activity;sid:83932007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068908)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068908/; classtype:trojan-activity;sid:83932008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068909)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068909/; classtype:trojan-activity;sid:83932009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068910)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068910/; classtype:trojan-activity;sid:83932010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068911)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068911/; classtype:trojan-activity;sid:83932011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068912)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068912/; classtype:trojan-activity;sid:83932012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068896)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068896/; classtype:trojan-activity;sid:83931996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068897)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068897/; classtype:trojan-activity;sid:83931997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068898)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068898/; classtype:trojan-activity;sid:83931998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068882)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068882/; classtype:trojan-activity;sid:83931982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068883)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068883/; classtype:trojan-activity;sid:83931983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068884)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068884/; classtype:trojan-activity;sid:83931984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068885)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068885/; classtype:trojan-activity;sid:83931985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068886)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068886/; classtype:trojan-activity;sid:83931986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068887)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068887/; classtype:trojan-activity;sid:83931987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068888)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068888/; classtype:trojan-activity;sid:83931988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068889)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068889/; classtype:trojan-activity;sid:83931989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068890)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068890/; classtype:trojan-activity;sid:83931990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068891)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068891/; classtype:trojan-activity;sid:83931991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068892)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068892/; classtype:trojan-activity;sid:83931992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068893)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068893/; classtype:trojan-activity;sid:83931993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068894)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068894/; classtype:trojan-activity;sid:83931994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068895)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068895/; classtype:trojan-activity;sid:83931995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068873)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068873/; classtype:trojan-activity;sid:83931973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068874)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068874/; classtype:trojan-activity;sid:83931974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068875)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068875/; classtype:trojan-activity;sid:83931975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068876)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068876/; classtype:trojan-activity;sid:83931976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068877)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068877/; classtype:trojan-activity;sid:83931977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068878)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068878/; classtype:trojan-activity;sid:83931978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068879)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068879/; classtype:trojan-activity;sid:83931979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068880)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068880/; classtype:trojan-activity;sid:83931980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068881)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068881/; classtype:trojan-activity;sid:83931981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068870)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068870/; classtype:trojan-activity;sid:83931970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068871)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068871/; classtype:trojan-activity;sid:83931971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068872)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068872/; classtype:trojan-activity;sid:83931972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068866)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068866/; classtype:trojan-activity;sid:83931966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068867)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068867/; classtype:trojan-activity;sid:83931967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068868)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068868/; classtype:trojan-activity;sid:83931968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068869)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068869/; classtype:trojan-activity;sid:83931969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068855)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068855/; classtype:trojan-activity;sid:83931955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068856)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068856/; classtype:trojan-activity;sid:83931956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068857)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068857/; classtype:trojan-activity;sid:83931957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068858)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068858/; classtype:trojan-activity;sid:83931958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068859)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068859/; classtype:trojan-activity;sid:83931959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068860)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068860/; classtype:trojan-activity;sid:83931960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068861)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068861/; classtype:trojan-activity;sid:83931961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068862)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068862/; classtype:trojan-activity;sid:83931962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068863)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068863/; classtype:trojan-activity;sid:83931963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068864)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068864/; classtype:trojan-activity;sid:83931964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068865)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068865/; classtype:trojan-activity;sid:83931965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068850)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068850/; classtype:trojan-activity;sid:83931950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068851)"; flow:established,from_client; content:"GET"; http_method; content:"/delta_"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068851/; classtype:trojan-activity;sid:83931951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068852)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068852/; classtype:trojan-activity;sid:83931952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068853)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068853/; classtype:trojan-activity;sid:83931953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068854)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068854/; classtype:trojan-activity;sid:83931954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068826)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068826/; classtype:trojan-activity;sid:83931926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068827)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068827/; classtype:trojan-activity;sid:83931927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068828)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068828/; classtype:trojan-activity;sid:83931928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068829)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068829/; classtype:trojan-activity;sid:83931929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068830)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068830/; classtype:trojan-activity;sid:83931930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068831)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068831/; classtype:trojan-activity;sid:83931931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068832)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068832/; classtype:trojan-activity;sid:83931932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068833)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068833/; classtype:trojan-activity;sid:83931933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068834)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068834/; classtype:trojan-activity;sid:83931934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068835)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068835/; classtype:trojan-activity;sid:83931935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068836)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068836/; classtype:trojan-activity;sid:83931936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068837)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068837/; classtype:trojan-activity;sid:83931937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068838)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068838/; classtype:trojan-activity;sid:83931938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068839)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068839/; classtype:trojan-activity;sid:83931939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068840)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068840/; classtype:trojan-activity;sid:83931940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068841)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068841/; classtype:trojan-activity;sid:83931941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068842)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068842/; classtype:trojan-activity;sid:83931942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068843)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068843/; classtype:trojan-activity;sid:83931943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068844)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068844/; classtype:trojan-activity;sid:83931944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068845)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068845/; classtype:trojan-activity;sid:83931945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068846)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068846/; classtype:trojan-activity;sid:83931946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068847)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068847/; classtype:trojan-activity;sid:83931947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068848)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068848/; classtype:trojan-activity;sid:83931948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068849)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068849/; classtype:trojan-activity;sid:83931949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068825)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068825/; classtype:trojan-activity;sid:83931925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068821)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068821/; classtype:trojan-activity;sid:83931921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068822)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068822/; classtype:trojan-activity;sid:83931922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068823/; classtype:trojan-activity;sid:83931923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068824)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068824/; classtype:trojan-activity;sid:83931924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068820)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068820/; classtype:trojan-activity;sid:83931920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068803)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068803/; classtype:trojan-activity;sid:83931903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068804)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068804/; classtype:trojan-activity;sid:83931904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068805)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068805/; classtype:trojan-activity;sid:83931905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068806)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068806/; classtype:trojan-activity;sid:83931906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068807)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068807/; classtype:trojan-activity;sid:83931907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068808)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068808/; classtype:trojan-activity;sid:83931908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068809)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068809/; classtype:trojan-activity;sid:83931909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068810)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068810/; classtype:trojan-activity;sid:83931910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068811)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068811/; classtype:trojan-activity;sid:83931911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068812)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068812/; classtype:trojan-activity;sid:83931912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068813)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068813/; classtype:trojan-activity;sid:83931913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068814)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068814/; classtype:trojan-activity;sid:83931914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068815)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068815/; classtype:trojan-activity;sid:83931915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068816)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068816/; classtype:trojan-activity;sid:83931916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068817)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068817/; classtype:trojan-activity;sid:83931917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068818)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068818/; classtype:trojan-activity;sid:83931918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068819)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068819/; classtype:trojan-activity;sid:83931919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068797)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068797/; classtype:trojan-activity;sid:83931897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068798)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068798/; classtype:trojan-activity;sid:83931898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068799)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068799/; classtype:trojan-activity;sid:83931899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068800)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068800/; classtype:trojan-activity;sid:83931900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068801)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068801/; classtype:trojan-activity;sid:83931901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068802)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068802/; classtype:trojan-activity;sid:83931902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068791)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068791/; classtype:trojan-activity;sid:83931891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068792)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068792/; classtype:trojan-activity;sid:83931892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068793)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068793/; classtype:trojan-activity;sid:83931893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068794)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068794/; classtype:trojan-activity;sid:83931894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068795)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068795/; classtype:trojan-activity;sid:83931895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068796)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068796/; classtype:trojan-activity;sid:83931896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068783)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068783/; classtype:trojan-activity;sid:83931883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068784)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068784/; classtype:trojan-activity;sid:83931884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068785)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068785/; classtype:trojan-activity;sid:83931885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068786)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068786/; classtype:trojan-activity;sid:83931886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068787)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068787/; classtype:trojan-activity;sid:83931887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068788)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068788/; classtype:trojan-activity;sid:83931888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068789)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068789/; classtype:trojan-activity;sid:83931889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068790)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068790/; classtype:trojan-activity;sid:83931890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068771)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068771/; classtype:trojan-activity;sid:83931871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068772)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068772/; classtype:trojan-activity;sid:83931872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068773)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068773/; classtype:trojan-activity;sid:83931873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068774)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068774/; classtype:trojan-activity;sid:83931874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068775)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068775/; classtype:trojan-activity;sid:83931875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068776)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068776/; classtype:trojan-activity;sid:83931876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068777)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068777/; classtype:trojan-activity;sid:83931877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068778)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068778/; classtype:trojan-activity;sid:83931878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068779)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068779/; classtype:trojan-activity;sid:83931879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068780)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068780/; classtype:trojan-activity;sid:83931880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068781)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068781/; classtype:trojan-activity;sid:83931881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068782)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068782/; classtype:trojan-activity;sid:83931882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068766)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068766/; classtype:trojan-activity;sid:83931866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068767)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068767/; classtype:trojan-activity;sid:83931867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068768)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068768/; classtype:trojan-activity;sid:83931868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068769)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068769/; classtype:trojan-activity;sid:83931869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068770)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068770/; classtype:trojan-activity;sid:83931870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068758)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068758/; classtype:trojan-activity;sid:83931858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068759)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068759/; classtype:trojan-activity;sid:83931859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068760)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068760/; classtype:trojan-activity;sid:83931860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068761)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068761/; classtype:trojan-activity;sid:83931861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068762)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068762/; classtype:trojan-activity;sid:83931862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068763)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068763/; classtype:trojan-activity;sid:83931863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068764)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068764/; classtype:trojan-activity;sid:83931864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068765)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068765/; classtype:trojan-activity;sid:83931865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068755)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068755/; classtype:trojan-activity;sid:83931855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068756)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068756/; classtype:trojan-activity;sid:83931856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068757)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068757/; classtype:trojan-activity;sid:83931857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068748)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068748/; classtype:trojan-activity;sid:83931848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068749)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068749/; classtype:trojan-activity;sid:83931849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068750)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068750/; classtype:trojan-activity;sid:83931850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068751)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068751/; classtype:trojan-activity;sid:83931851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068752)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068752/; classtype:trojan-activity;sid:83931852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068753)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068753/; classtype:trojan-activity;sid:83931853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068754)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068754/; classtype:trojan-activity;sid:83931854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068743)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068743/; classtype:trojan-activity;sid:83931843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068744)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068744/; classtype:trojan-activity;sid:83931844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068745)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068745/; classtype:trojan-activity;sid:83931845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068746)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068746/; classtype:trojan-activity;sid:83931846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068747)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068747/; classtype:trojan-activity;sid:83931847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068731)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068731/; classtype:trojan-activity;sid:83931831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068732)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068732/; classtype:trojan-activity;sid:83931832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068733)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068733/; classtype:trojan-activity;sid:83931833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068734)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068734/; classtype:trojan-activity;sid:83931834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068735)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068735/; classtype:trojan-activity;sid:83931835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068736)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068736/; classtype:trojan-activity;sid:83931836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068737)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068737/; classtype:trojan-activity;sid:83931837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068738)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068738/; classtype:trojan-activity;sid:83931838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068739)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068739/; classtype:trojan-activity;sid:83931839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068740)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068740/; classtype:trojan-activity;sid:83931840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068741)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068741/; classtype:trojan-activity;sid:83931841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068742)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068742/; classtype:trojan-activity;sid:83931842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068721)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068721/; classtype:trojan-activity;sid:83931821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068722)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068722/; classtype:trojan-activity;sid:83931822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068723)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068723/; classtype:trojan-activity;sid:83931823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068724)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068724/; classtype:trojan-activity;sid:83931824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068725)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068725/; classtype:trojan-activity;sid:83931825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068726)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068726/; classtype:trojan-activity;sid:83931826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068727)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068727/; classtype:trojan-activity;sid:83931827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068728)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068728/; classtype:trojan-activity;sid:83931828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068729)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068729/; classtype:trojan-activity;sid:83931829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068730)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068730/; classtype:trojan-activity;sid:83931830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068719)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068719/; classtype:trojan-activity;sid:83931819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068720)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068720/; classtype:trojan-activity;sid:83931820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068714)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068714/; classtype:trojan-activity;sid:83931814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068715)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068715/; classtype:trojan-activity;sid:83931815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068716)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068716/; classtype:trojan-activity;sid:83931816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068717)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068717/; classtype:trojan-activity;sid:83931817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068718)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068718/; classtype:trojan-activity;sid:83931818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068704)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068704/; classtype:trojan-activity;sid:83931804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068705)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068705/; classtype:trojan-activity;sid:83931805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068706)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068706/; classtype:trojan-activity;sid:83931806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068707)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068707/; classtype:trojan-activity;sid:83931807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068708)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068708/; classtype:trojan-activity;sid:83931808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068709)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068709/; classtype:trojan-activity;sid:83931809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068710)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068710/; classtype:trojan-activity;sid:83931810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068711)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068711/; classtype:trojan-activity;sid:83931811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068712)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068712/; classtype:trojan-activity;sid:83931812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068713)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068713/; classtype:trojan-activity;sid:83931813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068698)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068698/; classtype:trojan-activity;sid:83931798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068699)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068699/; classtype:trojan-activity;sid:83931799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068700)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068700/; classtype:trojan-activity;sid:83931800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068701)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068701/; classtype:trojan-activity;sid:83931801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068702)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068702/; classtype:trojan-activity;sid:83931802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068703)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068703/; classtype:trojan-activity;sid:83931803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068691)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068691/; classtype:trojan-activity;sid:83931791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068692)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068692/; classtype:trojan-activity;sid:83931792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068693)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068693/; classtype:trojan-activity;sid:83931793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068694)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068694/; classtype:trojan-activity;sid:83931794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068695)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068695/; classtype:trojan-activity;sid:83931795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068696)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068696/; classtype:trojan-activity;sid:83931796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068697)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068697/; classtype:trojan-activity;sid:83931797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068683)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068683/; classtype:trojan-activity;sid:83931783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068684)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068684/; classtype:trojan-activity;sid:83931784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068685)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068685/; classtype:trojan-activity;sid:83931785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068686)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068686/; classtype:trojan-activity;sid:83931786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068687)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068687/; classtype:trojan-activity;sid:83931787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068688)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068688/; classtype:trojan-activity;sid:83931788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068689)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068689/; classtype:trojan-activity;sid:83931789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068690)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068690/; classtype:trojan-activity;sid:83931790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068678)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068678/; classtype:trojan-activity;sid:83931778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068679)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068679/; classtype:trojan-activity;sid:83931779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068680)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068680/; classtype:trojan-activity;sid:83931780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068681)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068681/; classtype:trojan-activity;sid:83931781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068682)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068682/; classtype:trojan-activity;sid:83931782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068668)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068668/; classtype:trojan-activity;sid:83931768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068669)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068669/; classtype:trojan-activity;sid:83931769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068670)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068670/; classtype:trojan-activity;sid:83931770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068671)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068671/; classtype:trojan-activity;sid:83931771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068672)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068672/; classtype:trojan-activity;sid:83931772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068673)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068673/; classtype:trojan-activity;sid:83931773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068674)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068674/; classtype:trojan-activity;sid:83931774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068675)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068675/; classtype:trojan-activity;sid:83931775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068676)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068676/; classtype:trojan-activity;sid:83931776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068677)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068677/; classtype:trojan-activity;sid:83931777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068661)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068661/; classtype:trojan-activity;sid:83931761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068662)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068662/; classtype:trojan-activity;sid:83931762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068663)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068663/; classtype:trojan-activity;sid:83931763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068664)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068664/; classtype:trojan-activity;sid:83931764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068665)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068665/; classtype:trojan-activity;sid:83931765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068666)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068666/; classtype:trojan-activity;sid:83931766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068667)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068667/; classtype:trojan-activity;sid:83931767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068656)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068656/; classtype:trojan-activity;sid:83931756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068657)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068657/; classtype:trojan-activity;sid:83931757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068658)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068658/; classtype:trojan-activity;sid:83931758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068659)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068659/; classtype:trojan-activity;sid:83931759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068660)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068660/; classtype:trojan-activity;sid:83931760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068644)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068644/; classtype:trojan-activity;sid:83931744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068645)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068645/; classtype:trojan-activity;sid:83931745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068646)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068646/; classtype:trojan-activity;sid:83931746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068647)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068647/; classtype:trojan-activity;sid:83931747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068648)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068648/; classtype:trojan-activity;sid:83931748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068649)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068649/; classtype:trojan-activity;sid:83931749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068650)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068650/; classtype:trojan-activity;sid:83931750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068651)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068651/; classtype:trojan-activity;sid:83931751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068652)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068652/; classtype:trojan-activity;sid:83931752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068653)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068653/; classtype:trojan-activity;sid:83931753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068654)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068654/; classtype:trojan-activity;sid:83931754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068655)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068655/; classtype:trojan-activity;sid:83931755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068640)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068640/; classtype:trojan-activity;sid:83931740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068641)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068641/; classtype:trojan-activity;sid:83931741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068642)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068642/; classtype:trojan-activity;sid:83931742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068643)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068643/; classtype:trojan-activity;sid:83931743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068639)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068639/; classtype:trojan-activity;sid:83931739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068638)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068638/; classtype:trojan-activity;sid:83931738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068635)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068635/; classtype:trojan-activity;sid:83931735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.151.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068636/; classtype:trojan-activity;sid:83931736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068637)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068637/; classtype:trojan-activity;sid:83931737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068634)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068634/; classtype:trojan-activity;sid:83931734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.251.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068632/; classtype:trojan-activity;sid:83931732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.196.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068633/; classtype:trojan-activity;sid:83931733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068631/; classtype:trojan-activity;sid:83931731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.66.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068630/; classtype:trojan-activity;sid:83931730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068628/; classtype:trojan-activity;sid:83931728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.16.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068629/; classtype:trojan-activity;sid:83931729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.98.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068625/; classtype:trojan-activity;sid:83931725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.11.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068626/; classtype:trojan-activity;sid:83931726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.12.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068627/; classtype:trojan-activity;sid:83931727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068624/; classtype:trojan-activity;sid:83931724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.104.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068623/; classtype:trojan-activity;sid:83931723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.136.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068622/; classtype:trojan-activity;sid:83931722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.247.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068621/; classtype:trojan-activity;sid:83931721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.22.110.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068620/; classtype:trojan-activity;sid:83931720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068619/; classtype:trojan-activity;sid:83931719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.198.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068618/; classtype:trojan-activity;sid:83931718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068608)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068608/; classtype:trojan-activity;sid:83931708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068609)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068609/; classtype:trojan-activity;sid:83931709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068610)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068610/; classtype:trojan-activity;sid:83931710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068611)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068611/; classtype:trojan-activity;sid:83931711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068612)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068612/; classtype:trojan-activity;sid:83931712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068613)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068613/; classtype:trojan-activity;sid:83931713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068614)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068614/; classtype:trojan-activity;sid:83931714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068615)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068615/; classtype:trojan-activity;sid:83931715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068616)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068616/; classtype:trojan-activity;sid:83931716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068617)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068617/; classtype:trojan-activity;sid:83931717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068601)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068601/; classtype:trojan-activity;sid:83931701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068602)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068602/; classtype:trojan-activity;sid:83931702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068603)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068603/; classtype:trojan-activity;sid:83931703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068604)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068604/; classtype:trojan-activity;sid:83931704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068605)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068605/; classtype:trojan-activity;sid:83931705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068606)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068606/; classtype:trojan-activity;sid:83931706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068607)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068607/; classtype:trojan-activity;sid:83931707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068600)"; flow:established,from_client; content:"GET"; http_method; content:"/inf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068600/; classtype:trojan-activity;sid:83931700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068599)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068599/; classtype:trojan-activity;sid:83931699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068595)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068595/; classtype:trojan-activity;sid:83931695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068598)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068598/; classtype:trojan-activity;sid:83931698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068587)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068587/; classtype:trojan-activity;sid:83931687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068591)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068591/; classtype:trojan-activity;sid:83931691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068592)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068592/; classtype:trojan-activity;sid:83931692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068593)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068593/; classtype:trojan-activity;sid:83931693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068594)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068594/; classtype:trojan-activity;sid:83931694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068579)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068579/; classtype:trojan-activity;sid:83931679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068581)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068581/; classtype:trojan-activity;sid:83931681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068583)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068583/; classtype:trojan-activity;sid:83931683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068584)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068584/; classtype:trojan-activity;sid:83931684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068586)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068586/; classtype:trojan-activity;sid:83931686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068572)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068572/; classtype:trojan-activity;sid:83931672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.131.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068573/; classtype:trojan-activity;sid:83931673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068574)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068574/; classtype:trojan-activity;sid:83931674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068560)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068560/; classtype:trojan-activity;sid:83931660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068561)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068561/; classtype:trojan-activity;sid:83931661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068563)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068563/; classtype:trojan-activity;sid:83931663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068564)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068564/; classtype:trojan-activity;sid:83931664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068566)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068566/; classtype:trojan-activity;sid:83931666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068569)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068569/; classtype:trojan-activity;sid:83931669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068570)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068570/; classtype:trojan-activity;sid:83931670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068558)"; flow:established,from_client; content:"GET"; http_method; content:"/inf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068558/; classtype:trojan-activity;sid:83931658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068557/; classtype:trojan-activity;sid:83931657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068553)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068553/; classtype:trojan-activity;sid:83931653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068554)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068554/; classtype:trojan-activity;sid:83931654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068555)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dccrypt.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068555/; classtype:trojan-activity;sid:83931655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.153.109.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068556/; classtype:trojan-activity;sid:83931656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068552)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-25_20-56.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068552/; classtype:trojan-activity;sid:83931652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068548)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068548/; classtype:trojan-activity;sid:83931648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068549/; classtype:trojan-activity;sid:83931649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068550)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068550/; classtype:trojan-activity;sid:83931650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068551)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068551/; classtype:trojan-activity;sid:83931651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068537)"; flow:established,from_client; content:"GET"; http_method; content:"/pi.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068537/; classtype:trojan-activity;sid:83931637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068538)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068538/; classtype:trojan-activity;sid:83931638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068539)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068539/; classtype:trojan-activity;sid:83931639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068540)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068540/; classtype:trojan-activity;sid:83931640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068541)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068541/; classtype:trojan-activity;sid:83931641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068542)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068542/; classtype:trojan-activity;sid:83931642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068543)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068543/; classtype:trojan-activity;sid:83931643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068544)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068544/; classtype:trojan-activity;sid:83931644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068545)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068545/; classtype:trojan-activity;sid:83931645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068546)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068546/; classtype:trojan-activity;sid:83931646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068547)"; flow:established,from_client; content:"GET"; http_method; content:"/t2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068547/; classtype:trojan-activity;sid:83931647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068534)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068534/; classtype:trojan-activity;sid:83931634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068535)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068535/; classtype:trojan-activity;sid:83931635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068536)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068536/; classtype:trojan-activity;sid:83931636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068533)"; flow:established,from_client; content:"GET"; http_method; content:"/inf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068533/; classtype:trojan-activity;sid:83931633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.178.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068532/; classtype:trojan-activity;sid:83931632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068531/; classtype:trojan-activity;sid:83931631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.241.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068530/; classtype:trojan-activity;sid:83931630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.151.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068529/; classtype:trojan-activity;sid:83931629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.67.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068510/; classtype:trojan-activity;sid:83931610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.212.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068509/; classtype:trojan-activity;sid:83931609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068508/; classtype:trojan-activity;sid:83931608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.67.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068507/; classtype:trojan-activity;sid:83931607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.118.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068505/; classtype:trojan-activity;sid:83931605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.242.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068506/; classtype:trojan-activity;sid:83931606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.187.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068504/; classtype:trojan-activity;sid:83931604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.92.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068503/; classtype:trojan-activity;sid:83931603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.251.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068502/; classtype:trojan-activity;sid:83931602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.22.110.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068501/; classtype:trojan-activity;sid:83931601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.54.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068499/; classtype:trojan-activity;sid:83931599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.237.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068500/; classtype:trojan-activity;sid:83931600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.168.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068498/; classtype:trojan-activity;sid:83931598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.225.106.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068497/; classtype:trojan-activity;sid:83931597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.221.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068496/; classtype:trojan-activity;sid:83931596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.182.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068495/; classtype:trojan-activity;sid:83931595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.8.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068494/; classtype:trojan-activity;sid:83931594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.86.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068493/; classtype:trojan-activity;sid:83931593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068492/; classtype:trojan-activity;sid:83931592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.212.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068491/; classtype:trojan-activity;sid:83931591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068489)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tsrv1.ws"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068489/; classtype:trojan-activity;sid:83931589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.241.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068490/; classtype:trojan-activity;sid:83931590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.94.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068488/; classtype:trojan-activity;sid:83931588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.137.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068486/; classtype:trojan-activity;sid:83931586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068487/; classtype:trojan-activity;sid:83931587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.237.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068485/; classtype:trojan-activity;sid:83931585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.254.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068484/; classtype:trojan-activity;sid:83931584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.187.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068483/; classtype:trojan-activity;sid:83931583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.182.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068482/; classtype:trojan-activity;sid:83931582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.20.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068481/; classtype:trojan-activity;sid:83931581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.215.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068479/; classtype:trojan-activity;sid:83931579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.92.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068480/; classtype:trojan-activity;sid:83931580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.36.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068478/; classtype:trojan-activity;sid:83931578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.133.79.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068477/; classtype:trojan-activity;sid:83931577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.237.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068475/; classtype:trojan-activity;sid:83931575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.170.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068476/; classtype:trojan-activity;sid:83931576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068474)"; flow:established,from_client; content:"GET"; http_method; content:"/zti/hot.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"remisat.com.uy"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068474/; classtype:trojan-activity;sid:83931574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068473)"; flow:established,from_client; content:"GET"; http_method; content:"/abincontents/sthdytjdtuoigfyuqurbjzksbfgbshbfabirgtrht/ioihirabgbrdhbgwhkebgrsryftsevrfsyubkhabvyrgbksdtg/display1.exe"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"94.156.67.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068473/; classtype:trojan-activity;sid:83931573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.168.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068472/; classtype:trojan-activity;sid:83931572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.106.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068471/; classtype:trojan-activity;sid:83931571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.199.110.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068470/; classtype:trojan-activity;sid:83931570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.8.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068469/; classtype:trojan-activity;sid:83931569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068466)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/bn/recreatednewthingswithentrienewprocesswhichwedidwithouthavingsuchagereatthigstodoever_______greatthingstohappened.doc"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"104.219.239.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068466/; classtype:trojan-activity;sid:83931566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068467/; classtype:trojan-activity;sid:83931567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068468)"; flow:established,from_client; content:"GET"; http_method; content:"/80/winiti.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"104.219.239.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068468/; classtype:trojan-activity;sid:83931568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068465/; classtype:trojan-activity;sid:83931565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068464/; classtype:trojan-activity;sid:83931564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068463)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/enter.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068463/; classtype:trojan-activity;sid:83931563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.131.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068462/; classtype:trojan-activity;sid:83931562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.106.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068461/; classtype:trojan-activity;sid:83931561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.248.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068460/; classtype:trojan-activity;sid:83931560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.16.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068459/; classtype:trojan-activity;sid:83931559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.12.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068457/; classtype:trojan-activity;sid:83931557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.86.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068458/; classtype:trojan-activity;sid:83931558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.214.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068456/; classtype:trojan-activity;sid:83931556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068455/; classtype:trojan-activity;sid:83931555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.237.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068454/; classtype:trojan-activity;sid:83931554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.248.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068453/; classtype:trojan-activity;sid:83931553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.133"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068452/; classtype:trojan-activity;sid:83931552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068451/; classtype:trojan-activity;sid:83931551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.157.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068450/; classtype:trojan-activity;sid:83931550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068449/; classtype:trojan-activity;sid:83931549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.246.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068448/; classtype:trojan-activity;sid:83931548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068446/; classtype:trojan-activity;sid:83931546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068447/; classtype:trojan-activity;sid:83931547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.181.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068445/; classtype:trojan-activity;sid:83931545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.20.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068444/; classtype:trojan-activity;sid:83931544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.43.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068443/; classtype:trojan-activity;sid:83931543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.64.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068441/; classtype:trojan-activity;sid:83931541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.215.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068442/; classtype:trojan-activity;sid:83931542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.16.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068440/; classtype:trojan-activity;sid:83931540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.170.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068439/; classtype:trojan-activity;sid:83931539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.63.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068437/; classtype:trojan-activity;sid:83931537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.117.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068438/; classtype:trojan-activity;sid:83931538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.112.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068436/; classtype:trojan-activity;sid:83931536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068435/; classtype:trojan-activity;sid:83931535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.202.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068434/; classtype:trojan-activity;sid:83931534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.161.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068433/; classtype:trojan-activity;sid:83931533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.68.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068432/; classtype:trojan-activity;sid:83931532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068431/; classtype:trojan-activity;sid:83931531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.243.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068430/; classtype:trojan-activity;sid:83931530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.244.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068429/; classtype:trojan-activity;sid:83931529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.240.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068427/; classtype:trojan-activity;sid:83931527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.176.213.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068428/; classtype:trojan-activity;sid:83931528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068426/; classtype:trojan-activity;sid:83931526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.193.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068425/; classtype:trojan-activity;sid:83931525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068424/; classtype:trojan-activity;sid:83931524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068423/; classtype:trojan-activity;sid:83931523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.24.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068422/; classtype:trojan-activity;sid:83931522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.246.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068421/; classtype:trojan-activity;sid:83931521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.121.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068420/; classtype:trojan-activity;sid:83931520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.136.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068419/; classtype:trojan-activity;sid:83931519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.176.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068418/; classtype:trojan-activity;sid:83931518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.170.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068417/; classtype:trojan-activity;sid:83931517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.63.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068415/; classtype:trojan-activity;sid:83931515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.54.123.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068416/; classtype:trojan-activity;sid:83931516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.243.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068414/; classtype:trojan-activity;sid:83931514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.31.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068413/; classtype:trojan-activity;sid:83931513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068412)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068412/; classtype:trojan-activity;sid:83931512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068410)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068410/; classtype:trojan-activity;sid:83931510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068411)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/enter.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068411/; classtype:trojan-activity;sid:83931511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068409/; classtype:trojan-activity;sid:83931509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.106.65.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068408/; classtype:trojan-activity;sid:83931508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.234.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068407/; classtype:trojan-activity;sid:83931507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.106.65.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068406/; classtype:trojan-activity;sid:83931506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.175.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068404/; classtype:trojan-activity;sid:83931504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068405/; classtype:trojan-activity;sid:83931505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068400/; classtype:trojan-activity;sid:83931500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068401/; classtype:trojan-activity;sid:83931501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068402/; classtype:trojan-activity;sid:83931502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068403)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.190.230.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068403/; classtype:trojan-activity;sid:83931503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068399/; classtype:trojan-activity;sid:83931499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.248.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068398/; classtype:trojan-activity;sid:83931498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.117.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068397/; classtype:trojan-activity;sid:83931497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.112.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068396/; classtype:trojan-activity;sid:83931496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.70.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068395/; classtype:trojan-activity;sid:83931495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.50.187.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068394/; classtype:trojan-activity;sid:83931494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.83.90.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068393/; classtype:trojan-activity;sid:83931493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068392/; classtype:trojan-activity;sid:83931492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.2.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068391/; classtype:trojan-activity;sid:83931491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.176.213.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068390/; classtype:trojan-activity;sid:83931490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.207.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068389/; classtype:trojan-activity;sid:83931489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.39.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068388/; classtype:trojan-activity;sid:83931488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.13.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068387/; classtype:trojan-activity;sid:83931487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068386/; classtype:trojan-activity;sid:83931486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.159.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068385/; classtype:trojan-activity;sid:83931485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068384/; classtype:trojan-activity;sid:83931484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.136.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068383/; classtype:trojan-activity;sid:83931483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.122.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068382/; classtype:trojan-activity;sid:83931482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.175.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068381/; classtype:trojan-activity;sid:83931481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.50.187.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068380/; classtype:trojan-activity;sid:83931480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.10.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068379/; classtype:trojan-activity;sid:83931479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.29.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068378/; classtype:trojan-activity;sid:83931478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068377/; classtype:trojan-activity;sid:83931477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068376/; classtype:trojan-activity;sid:83931476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.13.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068375/; classtype:trojan-activity;sid:83931475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.187.83.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068374/; classtype:trojan-activity;sid:83931474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.83.90.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068373/; classtype:trojan-activity;sid:83931473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.192.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068372/; classtype:trojan-activity;sid:83931472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068371/; classtype:trojan-activity;sid:83931471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.22.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068370/; classtype:trojan-activity;sid:83931470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068369/; classtype:trojan-activity;sid:83931469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.16.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068368/; classtype:trojan-activity;sid:83931468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.232.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068367/; classtype:trojan-activity;sid:83931467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.71.32.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068366/; classtype:trojan-activity;sid:83931466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.207.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068365/; classtype:trojan-activity;sid:83931465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.46.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068364/; classtype:trojan-activity;sid:83931464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068363/; classtype:trojan-activity;sid:83931463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.211.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068362/; classtype:trojan-activity;sid:83931462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.144.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068361/; classtype:trojan-activity;sid:83931461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.244.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068359/; classtype:trojan-activity;sid:83931459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.10.146.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068360/; classtype:trojan-activity;sid:83931460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.198.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068358/; classtype:trojan-activity;sid:83931458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.51.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068357/; classtype:trojan-activity;sid:83931457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.240.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068356/; classtype:trojan-activity;sid:83931456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.184.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068355/; classtype:trojan-activity;sid:83931455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.68.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068354/; classtype:trojan-activity;sid:83931454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dccrypt.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068351/; classtype:trojan-activity;sid:83931451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068352)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068352/; classtype:trojan-activity;sid:83931452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068353)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068353/; classtype:trojan-activity;sid:83931453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.152.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068349/; classtype:trojan-activity;sid:83931449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068350)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-25_20-56.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068350/; classtype:trojan-activity;sid:83931450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.99.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068348/; classtype:trojan-activity;sid:83931448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.107.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068347/; classtype:trojan-activity;sid:83931447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.117.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068346/; classtype:trojan-activity;sid:83931446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.109.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068345/; classtype:trojan-activity;sid:83931445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.35.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068342/; classtype:trojan-activity;sid:83931442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068343/; classtype:trojan-activity;sid:83931443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.186.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068344/; classtype:trojan-activity;sid:83931444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068341/; classtype:trojan-activity;sid:83931441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068340/; classtype:trojan-activity;sid:83931440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068339/; classtype:trojan-activity;sid:83931439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068338/; classtype:trojan-activity;sid:83931438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.80.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068337/; classtype:trojan-activity;sid:83931437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.13.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068336/; classtype:trojan-activity;sid:83931436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068335/; classtype:trojan-activity;sid:83931435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068334/; classtype:trojan-activity;sid:83931434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068333/; classtype:trojan-activity;sid:83931433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068332/; classtype:trojan-activity;sid:83931432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.240.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068331/; classtype:trojan-activity;sid:83931431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.246.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068330/; classtype:trojan-activity;sid:83931430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.83.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068329/; classtype:trojan-activity;sid:83931429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.233.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068328/; classtype:trojan-activity;sid:83931428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.203.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068327/; classtype:trojan-activity;sid:83931427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.232.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068325/; classtype:trojan-activity;sid:83931425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.214.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068326/; classtype:trojan-activity;sid:83931426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.122.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068323/; classtype:trojan-activity;sid:83931423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.32.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068324/; classtype:trojan-activity;sid:83931424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068322/; classtype:trojan-activity;sid:83931422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.80.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068321/; classtype:trojan-activity;sid:83931421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068320/; classtype:trojan-activity;sid:83931420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.38.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068319/; classtype:trojan-activity;sid:83931419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.184.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068318/; classtype:trojan-activity;sid:83931418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.84.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068316/; classtype:trojan-activity;sid:83931416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.148.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068317/; classtype:trojan-activity;sid:83931417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.22.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068314/; classtype:trojan-activity;sid:83931414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.211.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068315/; classtype:trojan-activity;sid:83931415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.240.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068313/; classtype:trojan-activity;sid:83931413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068312/; classtype:trojan-activity;sid:83931412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.102.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068311/; classtype:trojan-activity;sid:83931411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.83.168.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068310/; classtype:trojan-activity;sid:83931410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068309/; classtype:trojan-activity;sid:83931409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.113.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068308/; classtype:trojan-activity;sid:83931408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068307/; classtype:trojan-activity;sid:83931407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.66.68.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068306/; classtype:trojan-activity;sid:83931406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.62.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068305/; classtype:trojan-activity;sid:83931405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.255.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068304/; classtype:trojan-activity;sid:83931404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.72.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068303/; classtype:trojan-activity;sid:83931403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.150.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068302/; classtype:trojan-activity;sid:83931402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.140.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068301/; classtype:trojan-activity;sid:83931401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.83.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068299/; classtype:trojan-activity;sid:83931399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.172.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068300/; classtype:trojan-activity;sid:83931400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.80.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068298/; classtype:trojan-activity;sid:83931398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068297/; classtype:trojan-activity;sid:83931397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.49.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068296/; classtype:trojan-activity;sid:83931396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.10.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068294/; classtype:trojan-activity;sid:83931394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.241.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068295/; classtype:trojan-activity;sid:83931395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.163.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068293/; classtype:trojan-activity;sid:83931393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.214.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068292/; classtype:trojan-activity;sid:83931392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068291/; classtype:trojan-activity;sid:83931391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068290/; classtype:trojan-activity;sid:83931390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.120.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068289/; classtype:trojan-activity;sid:83931389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.32.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068288/; classtype:trojan-activity;sid:83931388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.242.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068287/; classtype:trojan-activity;sid:83931387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068286/; classtype:trojan-activity;sid:83931386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.221.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068285/; classtype:trojan-activity;sid:83931385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.84.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068284/; classtype:trojan-activity;sid:83931384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068283/; classtype:trojan-activity;sid:83931383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.8.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068281/; classtype:trojan-activity;sid:83931381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.231.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068282/; classtype:trojan-activity;sid:83931382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.223.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068280/; classtype:trojan-activity;sid:83931380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.243.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068279/; classtype:trojan-activity;sid:83931379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.39.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068278/; classtype:trojan-activity;sid:83931378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.200.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068277/; classtype:trojan-activity;sid:83931377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.191.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068276/; classtype:trojan-activity;sid:83931376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.231.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068275/; classtype:trojan-activity;sid:83931375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068274/; classtype:trojan-activity;sid:83931374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.248.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068273/; classtype:trojan-activity;sid:83931373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.83.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068272/; classtype:trojan-activity;sid:83931372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.249.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068271/; classtype:trojan-activity;sid:83931371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.75.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068270/; classtype:trojan-activity;sid:83931370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.14.57.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068269/; classtype:trojan-activity;sid:83931369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.241.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068266/; classtype:trojan-activity;sid:83931366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.242.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068267/; classtype:trojan-activity;sid:83931367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.183.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068268/; classtype:trojan-activity;sid:83931368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.23.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068265/; classtype:trojan-activity;sid:83931365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.5.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068263/; classtype:trojan-activity;sid:83931363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.117.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068264/; classtype:trojan-activity;sid:83931364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068262/; classtype:trojan-activity;sid:83931362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068261/; classtype:trojan-activity;sid:83931361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068260/; classtype:trojan-activity;sid:83931360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068259/; classtype:trojan-activity;sid:83931359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.8.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068258/; classtype:trojan-activity;sid:83931358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.138.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068257/; classtype:trojan-activity;sid:83931357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.243.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068256/; classtype:trojan-activity;sid:83931356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.223.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068255/; classtype:trojan-activity;sid:83931355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.201.139.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068254/; classtype:trojan-activity;sid:83931354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.201.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068253/; classtype:trojan-activity;sid:83931353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068252/; classtype:trojan-activity;sid:83931352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.212.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068251/; classtype:trojan-activity;sid:83931351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068250/; classtype:trojan-activity;sid:83931350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.47.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068249/; classtype:trojan-activity;sid:83931349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068247/; classtype:trojan-activity;sid:83931347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.91.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068248/; classtype:trojan-activity;sid:83931348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068246)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ceeaapaint.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068246/; classtype:trojan-activity;sid:83931346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068245)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ceeaapaint.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068245/; classtype:trojan-activity;sid:83931345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068243)"; flow:established,from_client; content:"GET"; http_method; content:"/jiopdssa.lnk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ceeaapaint.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068243/; classtype:trojan-activity;sid:83931343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068244)"; flow:established,from_client; content:"GET"; http_method; content:"/kyvbsa.pdf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ceeaapaint.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068244/; classtype:trojan-activity;sid:83931344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068242)"; flow:established,from_client; content:"GET"; http_method; content:"/e_sales_doc/e_sales_doc43032234647380921_pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"ceeaapaint.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068242/; classtype:trojan-activity;sid:83931342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068240)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ceeaapaint.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068240/; classtype:trojan-activity;sid:83931340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068241)"; flow:established,from_client; content:"GET"; http_method; content:"/startuppp.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ceeaapaint.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068241/; classtype:trojan-activity;sid:83931341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.64.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068239/; classtype:trojan-activity;sid:83931339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068238/; classtype:trojan-activity;sid:83931338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068237/; classtype:trojan-activity;sid:83931337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.19.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068236/; classtype:trojan-activity;sid:83931336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068235/; classtype:trojan-activity;sid:83931335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.41.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068233/; classtype:trojan-activity;sid:83931333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068234/; classtype:trojan-activity;sid:83931334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.222.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068232/; classtype:trojan-activity;sid:83931332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068231)"; flow:established,from_client; content:"GET"; http_method; content:"/t2507f/csrss.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.173.143.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068231/; classtype:trojan-activity;sid:83931331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068230)"; flow:established,from_client; content:"GET"; http_method; content:"/milli.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"darpexllc.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068230/; classtype:trojan-activity;sid:83931330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068227)"; flow:established,from_client; content:"GET"; http_method; content:"/milli.doc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"darpexllc.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068227/; classtype:trojan-activity;sid:83931327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.53.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068228/; classtype:trojan-activity;sid:83931328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068229)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ebcd/eb/gdfvr.hta"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.92.245.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068229/; classtype:trojan-activity;sid:83931329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068226/; classtype:trojan-activity;sid:83931326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068225/; classtype:trojan-activity;sid:83931325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.239.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068224/; classtype:trojan-activity;sid:83931324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.36.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068223/; classtype:trojan-activity;sid:83931323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068222/; classtype:trojan-activity;sid:83931322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.245.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068221/; classtype:trojan-activity;sid:83931321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.43.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068220/; classtype:trojan-activity;sid:83931320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068219)"; flow:established,from_client; content:"GET"; http_method; content:"/36/simplebeautygirlfrndhaveforme.gif"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"192.227.225.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068219/; classtype:trojan-activity;sid:83931319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068218)"; flow:established,from_client; content:"GET"; http_method; content:"/36/hb/createdsimplethingstogetbackteachingentirethingsaroundtheworldtogetmebackwiththefreatgreatthings_____________sesheismygirlalwayssheismy.doc"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"192.227.225.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068218/; classtype:trojan-activity;sid:83931318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068217/; classtype:trojan-activity;sid:83931317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.133.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068216/; classtype:trojan-activity;sid:83931316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.218.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068214/; classtype:trojan-activity;sid:83931314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.250.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068215/; classtype:trojan-activity;sid:83931315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.255.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068213/; classtype:trojan-activity;sid:83931313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.178.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068212/; classtype:trojan-activity;sid:83931312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068211)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.77.140.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068211/; classtype:trojan-activity;sid:83931311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.232.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068210/; classtype:trojan-activity;sid:83931310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068209/; classtype:trojan-activity;sid:83931309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.185.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068208/; classtype:trojan-activity;sid:83931308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.120.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068207/; classtype:trojan-activity;sid:83931307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.91.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068206/; classtype:trojan-activity;sid:83931306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068205/; classtype:trojan-activity;sid:83931305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.195.130.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068204/; classtype:trojan-activity;sid:83931304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.203.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068203/; classtype:trojan-activity;sid:83931303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.232.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068202/; classtype:trojan-activity;sid:83931302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.41.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068201/; classtype:trojan-activity;sid:83931301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.10.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068200/; classtype:trojan-activity;sid:83931300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.9.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068199/; classtype:trojan-activity;sid:83931299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.177.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068198/; classtype:trojan-activity;sid:83931298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.202.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068197/; classtype:trojan-activity;sid:83931297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.237.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068196/; classtype:trojan-activity;sid:83931296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.202.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068195/; classtype:trojan-activity;sid:83931295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.53.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068194/; classtype:trojan-activity;sid:83931294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068193/; classtype:trojan-activity;sid:83931293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.166.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068192/; classtype:trojan-activity;sid:83931292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.222.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068191/; classtype:trojan-activity;sid:83931291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.43.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068190/; classtype:trojan-activity;sid:83931290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.33.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068189/; classtype:trojan-activity;sid:83931289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.11.58"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068188/; classtype:trojan-activity;sid:83931288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.136.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068186/; classtype:trojan-activity;sid:83931286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.239.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068187/; classtype:trojan-activity;sid:83931287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.255.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068185/; classtype:trojan-activity;sid:83931285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068184/; classtype:trojan-activity;sid:83931284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.73.143.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068183/; classtype:trojan-activity;sid:83931283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.117.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068182/; classtype:trojan-activity;sid:83931282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068181/; classtype:trojan-activity;sid:83931281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.178.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068180/; classtype:trojan-activity;sid:83931280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068179/; classtype:trojan-activity;sid:83931279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.171.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068178/; classtype:trojan-activity;sid:83931278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.241.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068177/; classtype:trojan-activity;sid:83931277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068176/; classtype:trojan-activity;sid:83931276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.247.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068175/; classtype:trojan-activity;sid:83931275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068174)"; flow:established,from_client; content:"GET"; http_method; content:"/5346347634735.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ratokalokm1.homelinux.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068174/; classtype:trojan-activity;sid:83931274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068173/; classtype:trojan-activity;sid:83931273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068172/; classtype:trojan-activity;sid:83931272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.76.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068171/; classtype:trojan-activity;sid:83931271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068170)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/enter.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068170/; classtype:trojan-activity;sid:83931270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.10.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068169/; classtype:trojan-activity;sid:83931269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.72.181.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068168/; classtype:trojan-activity;sid:83931268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.71.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068167/; classtype:trojan-activity;sid:83931267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068166/; classtype:trojan-activity;sid:83931266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.195.130.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068165/; classtype:trojan-activity;sid:83931265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.222.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068162/; classtype:trojan-activity;sid:83931262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068163/; classtype:trojan-activity;sid:83931263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.215.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068164/; classtype:trojan-activity;sid:83931264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.190.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068161/; classtype:trojan-activity;sid:83931261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068158/; classtype:trojan-activity;sid:83931258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068159/; classtype:trojan-activity;sid:83931259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068160/; classtype:trojan-activity;sid:83931260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.101.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068157/; classtype:trojan-activity;sid:83931257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.255.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068156/; classtype:trojan-activity;sid:83931256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.85.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068155/; classtype:trojan-activity;sid:83931255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.205.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068154/; classtype:trojan-activity;sid:83931254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068152/; classtype:trojan-activity;sid:83931252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068153/; classtype:trojan-activity;sid:83931253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.202.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068151/; classtype:trojan-activity;sid:83931251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.73.143.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068150/; classtype:trojan-activity;sid:83931250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.11.58"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068149/; classtype:trojan-activity;sid:83931249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068148/; classtype:trojan-activity;sid:83931248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068147/; classtype:trojan-activity;sid:83931247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.21.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068146/; classtype:trojan-activity;sid:83931246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.106.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068145/; classtype:trojan-activity;sid:83931245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.79.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068144/; classtype:trojan-activity;sid:83931244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.239.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068143/; classtype:trojan-activity;sid:83931243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.71.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068142/; classtype:trojan-activity;sid:83931242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.157.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068141/; classtype:trojan-activity;sid:83931241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.175.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068140/; classtype:trojan-activity;sid:83931240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068139/; classtype:trojan-activity;sid:83931239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.255.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068138/; classtype:trojan-activity;sid:83931238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.227.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068137/; classtype:trojan-activity;sid:83931237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068136/; classtype:trojan-activity;sid:83931236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.132.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068134/; classtype:trojan-activity;sid:83931234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068135/; classtype:trojan-activity;sid:83931235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.172.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068132/; classtype:trojan-activity;sid:83931232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.79.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068133/; classtype:trojan-activity;sid:83931233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.214.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068131/; classtype:trojan-activity;sid:83931231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.80.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068128/; classtype:trojan-activity;sid:83931228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.164.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068129/; classtype:trojan-activity;sid:83931229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068130/; classtype:trojan-activity;sid:83931230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.97.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068127/; classtype:trojan-activity;sid:83931227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.222.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068126/; classtype:trojan-activity;sid:83931226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.178.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068125/; classtype:trojan-activity;sid:83931225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.31.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068124/; classtype:trojan-activity;sid:83931224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.253.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068123/; classtype:trojan-activity;sid:83931223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068121/; classtype:trojan-activity;sid:83931221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068122/; classtype:trojan-activity;sid:83931222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068120/; classtype:trojan-activity;sid:83931220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068119/; classtype:trojan-activity;sid:83931219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.248.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068117/; classtype:trojan-activity;sid:83931217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.18.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068118/; classtype:trojan-activity;sid:83931218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.39.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068116/; classtype:trojan-activity;sid:83931216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.85.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068115/; classtype:trojan-activity;sid:83931215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.111.75.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068114/; classtype:trojan-activity;sid:83931214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.87.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068113/; classtype:trojan-activity;sid:83931213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.185.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068112/; classtype:trojan-activity;sid:83931212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.174.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068111/; classtype:trojan-activity;sid:83931211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068110/; classtype:trojan-activity;sid:83931210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.175.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068109/; classtype:trojan-activity;sid:83931209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.8.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068108/; classtype:trojan-activity;sid:83931208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.79.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068106/; classtype:trojan-activity;sid:83931206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.71.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068107/; classtype:trojan-activity;sid:83931207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.120.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068105/; classtype:trojan-activity;sid:83931205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068103)"; flow:established,from_client; content:"GET"; http_method; content:"/tpdcxibqzqwm11.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"212.162.149.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068103/; classtype:trojan-activity;sid:83931203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068104)"; flow:established,from_client; content:"GET"; http_method; content:"/vcuxkjmaaitgqoawywbi205.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"212.162.149.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068104/; classtype:trojan-activity;sid:83931204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.118.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068102/; classtype:trojan-activity;sid:83931202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068101/; classtype:trojan-activity;sid:83931201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068100/; classtype:trojan-activity;sid:83931200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068099/; classtype:trojan-activity;sid:83931199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.172.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068098/; classtype:trojan-activity;sid:83931198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.137.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068097/; classtype:trojan-activity;sid:83931197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.239.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068096/; classtype:trojan-activity;sid:83931196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068095/; classtype:trojan-activity;sid:83931195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.199.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068094/; classtype:trojan-activity;sid:83931194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068092/; classtype:trojan-activity;sid:83931192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.154.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068093/; classtype:trojan-activity;sid:83931193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068091/; classtype:trojan-activity;sid:83931191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.253.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068090/; classtype:trojan-activity;sid:83931190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.178.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068089/; classtype:trojan-activity;sid:83931189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.1.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068088/; classtype:trojan-activity;sid:83931188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068087/; classtype:trojan-activity;sid:83931187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.53.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068086/; classtype:trojan-activity;sid:83931186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.124.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068085/; classtype:trojan-activity;sid:83931185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.4.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068084/; classtype:trojan-activity;sid:83931184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.24.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068083/; classtype:trojan-activity;sid:83931183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.18.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068082/; classtype:trojan-activity;sid:83931182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068081/; classtype:trojan-activity;sid:83931181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068080/; classtype:trojan-activity;sid:83931180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068079/; classtype:trojan-activity;sid:83931179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068078/; classtype:trojan-activity;sid:83931178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.248.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068077/; classtype:trojan-activity;sid:83931177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.215.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068076/; classtype:trojan-activity;sid:83931176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.13.48.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068074/; classtype:trojan-activity;sid:83931174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.0.79.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068075/; classtype:trojan-activity;sid:83931175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.112.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068073/; classtype:trojan-activity;sid:83931173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068072)"; flow:established,from_client; content:"GET"; http_method; content:"/flappybird.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.195.26.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068072/; classtype:trojan-activity;sid:83931172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068071/; classtype:trojan-activity;sid:83931171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068069)"; flow:established,from_client; content:"GET"; http_method; content:"/idk.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.195.26.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068069/; classtype:trojan-activity;sid:83931169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068070)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.py"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.195.26.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068070/; classtype:trojan-activity;sid:83931170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068067)"; flow:established,from_client; content:"GET"; http_method; content:"/test2.jpg.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.195.26.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068067/; classtype:trojan-activity;sid:83931167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068068)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.195.26.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068068/; classtype:trojan-activity;sid:83931168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.173.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068066/; classtype:trojan-activity;sid:83931166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.19.251.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068065/; classtype:trojan-activity;sid:83931165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.0.79.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068064/; classtype:trojan-activity;sid:83931164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068063)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.158.121.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068063/; classtype:trojan-activity;sid:83931163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.50.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068061/; classtype:trojan-activity;sid:83931161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.250.50.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068062/; classtype:trojan-activity;sid:83931162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068059)"; flow:established,from_client; content:"GET"; http_method; content:"/d/c.cmd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"20.201.125.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068059/; classtype:trojan-activity;sid:83931159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068060)"; flow:established,from_client; content:"GET"; http_method; content:"/mtv/mono.m3u8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"187.95.95.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068060/; classtype:trojan-activity;sid:83931160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.45.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068058/; classtype:trojan-activity;sid:83931158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.135.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068057/; classtype:trojan-activity;sid:83931157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068056)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.214.27.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068056/; classtype:trojan-activity;sid:83931156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068055/; classtype:trojan-activity;sid:83931155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.174.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068054/; classtype:trojan-activity;sid:83931154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.100.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068053/; classtype:trojan-activity;sid:83931153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.78.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068052/; classtype:trojan-activity;sid:83931152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.222.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068051/; classtype:trojan-activity;sid:83931151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.247.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068049/; classtype:trojan-activity;sid:83931149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.156.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068050/; classtype:trojan-activity;sid:83931150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068048/; classtype:trojan-activity;sid:83931148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068047/; classtype:trojan-activity;sid:83931147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068045/; classtype:trojan-activity;sid:83931145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068046/; classtype:trojan-activity;sid:83931146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.241.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068044/; classtype:trojan-activity;sid:83931144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.124.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068043/; classtype:trojan-activity;sid:83931143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068042/; classtype:trojan-activity;sid:83931142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068041/; classtype:trojan-activity;sid:83931141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.1.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068040/; classtype:trojan-activity;sid:83931140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.87.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068039/; classtype:trojan-activity;sid:83931139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068038/; classtype:trojan-activity;sid:83931138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068037/; classtype:trojan-activity;sid:83931137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068036/; classtype:trojan-activity;sid:83931136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068035/; classtype:trojan-activity;sid:83931135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.239.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068033/; classtype:trojan-activity;sid:83931133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068034)"; flow:established,from_client; content:"GET"; http_method; content:"/71/winiti.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.46.174.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068034/; classtype:trojan-activity;sid:83931134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.87.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068032/; classtype:trojan-activity;sid:83931132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.31.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068031/; classtype:trojan-activity;sid:83931131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.24.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068029/; classtype:trojan-activity;sid:83931129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068030/; classtype:trojan-activity;sid:83931130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068028/; classtype:trojan-activity;sid:83931128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.37.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068027/; classtype:trojan-activity;sid:83931127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.225.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068026/; classtype:trojan-activity;sid:83931126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.39.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068025/; classtype:trojan-activity;sid:83931125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068024/; classtype:trojan-activity;sid:83931124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068023/; classtype:trojan-activity;sid:83931123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.78.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068022/; classtype:trojan-activity;sid:83931122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.135.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068020/; classtype:trojan-activity;sid:83931120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.74.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068021/; classtype:trojan-activity;sid:83931121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.72.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068019/; classtype:trojan-activity;sid:83931119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068018/; classtype:trojan-activity;sid:83931118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.183.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068017/; classtype:trojan-activity;sid:83931117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.206.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068016/; classtype:trojan-activity;sid:83931116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.231.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068015/; classtype:trojan-activity;sid:83931115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.222.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068014/; classtype:trojan-activity;sid:83931114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.248.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068013/; classtype:trojan-activity;sid:83931113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.239.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068012/; classtype:trojan-activity;sid:83931112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.151.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068011/; classtype:trojan-activity;sid:83931111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.121.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068010/; classtype:trojan-activity;sid:83931110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.135.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068009/; classtype:trojan-activity;sid:83931109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068008)"; flow:established,from_client; content:"GET"; http_method; content:"/wpi-admin/alocation/download/cliente.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"mtmadvogados.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068008/; classtype:trojan-activity;sid:83931108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068007)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ezm/ez/somethinggreatwithmeentiretimegetmebackthingsgreatgoinggreatthignseverwewhichamazingthings___________reallygreatthingseverhappened.doc"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"198.46.174.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068007/; classtype:trojan-activity;sid:83931107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.231.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068006/; classtype:trojan-activity;sid:83931106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068005/; classtype:trojan-activity;sid:83931105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.74.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068004/; classtype:trojan-activity;sid:83931104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.106.192.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068003/; classtype:trojan-activity;sid:83931103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068002/; classtype:trojan-activity;sid:83931102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.114.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068001/; classtype:trojan-activity;sid:83931101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.225.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068000/; classtype:trojan-activity;sid:83931100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.37.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067999/; classtype:trojan-activity;sid:83931099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.170.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067998/; classtype:trojan-activity;sid:83931098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.1.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067997/; classtype:trojan-activity;sid:83931097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.104.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067996/; classtype:trojan-activity;sid:83931096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.60.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067995/; classtype:trojan-activity;sid:83931095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.21.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067994/; classtype:trojan-activity;sid:83931094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.68.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067992/; classtype:trojan-activity;sid:83931092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.191.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067993/; classtype:trojan-activity;sid:83931093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067991/; classtype:trojan-activity;sid:83931091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.245.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067990/; classtype:trojan-activity;sid:83931090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067989)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.234.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067989/; classtype:trojan-activity;sid:83931089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.40.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067988/; classtype:trojan-activity;sid:83931088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.231.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067987/; classtype:trojan-activity;sid:83931087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067985)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gzw.loyalty.hienphucuanhanloai.org"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067985/; classtype:trojan-activity;sid:83931085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067986/; classtype:trojan-activity;sid:83931086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067984/; classtype:trojan-activity;sid:83931084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067983/; classtype:trojan-activity;sid:83931083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.240.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067982/; classtype:trojan-activity;sid:83931082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.38.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067981/; classtype:trojan-activity;sid:83931081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.74.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067978/; classtype:trojan-activity;sid:83931078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.222.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067979/; classtype:trojan-activity;sid:83931079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067980/; classtype:trojan-activity;sid:83931080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067977/; classtype:trojan-activity;sid:83931077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.186.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067976/; classtype:trojan-activity;sid:83931076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.135.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067975/; classtype:trojan-activity;sid:83931075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.71.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067974/; classtype:trojan-activity;sid:83931074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.21.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067973/; classtype:trojan-activity;sid:83931073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.47.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067972/; classtype:trojan-activity;sid:83931072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.111.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067971/; classtype:trojan-activity;sid:83931071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.231.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067970/; classtype:trojan-activity;sid:83931070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.46.151.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067969/; classtype:trojan-activity;sid:83931069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.240.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067968/; classtype:trojan-activity;sid:83931068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.186.10.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067967/; classtype:trojan-activity;sid:83931067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.21.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067966/; classtype:trojan-activity;sid:83931066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.60.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067964/; classtype:trojan-activity;sid:83931064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067965/; classtype:trojan-activity;sid:83931065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.85.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067963/; classtype:trojan-activity;sid:83931063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.173.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067962/; classtype:trojan-activity;sid:83931062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.7.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067961/; classtype:trojan-activity;sid:83931061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.68.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067960/; classtype:trojan-activity;sid:83931060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.184.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067959/; classtype:trojan-activity;sid:83931059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.148.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067958/; classtype:trojan-activity;sid:83931058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.232.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067957/; classtype:trojan-activity;sid:83931057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.177.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067956/; classtype:trojan-activity;sid:83931056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.207.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067955/; classtype:trojan-activity;sid:83931055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.248.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067954/; classtype:trojan-activity;sid:83931054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.191.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067952/; classtype:trojan-activity;sid:83931052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.42.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067953/; classtype:trojan-activity;sid:83931053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.74.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067951/; classtype:trojan-activity;sid:83931051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.111.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067950/; classtype:trojan-activity;sid:83931050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.40.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067949/; classtype:trojan-activity;sid:83931049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067948/; classtype:trojan-activity;sid:83931048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067947/; classtype:trojan-activity;sid:83931047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.1.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067946/; classtype:trojan-activity;sid:83931046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.240.47.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067945/; classtype:trojan-activity;sid:83931045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.245.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067944/; classtype:trojan-activity;sid:83931044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.183.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067943/; classtype:trojan-activity;sid:83931043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.47.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067940/; classtype:trojan-activity;sid:83931040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.158.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067941/; classtype:trojan-activity;sid:83931041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067942/; classtype:trojan-activity;sid:83931042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.113.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067939/; classtype:trojan-activity;sid:83931039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.21.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067938/; classtype:trojan-activity;sid:83931038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.178.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067937/; classtype:trojan-activity;sid:83931037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.180.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067936/; classtype:trojan-activity;sid:83931036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.1.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067935/; classtype:trojan-activity;sid:83931035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067933/; classtype:trojan-activity;sid:83931033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067934/; classtype:trojan-activity;sid:83931034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.206.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067932/; classtype:trojan-activity;sid:83931032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067931/; classtype:trojan-activity;sid:83931031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.40.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067930/; classtype:trojan-activity;sid:83931030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.173.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067929/; classtype:trojan-activity;sid:83931029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.61.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067928/; classtype:trojan-activity;sid:83931028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.102.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067927/; classtype:trojan-activity;sid:83931027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.22.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067926/; classtype:trojan-activity;sid:83931026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.175.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067925/; classtype:trojan-activity;sid:83931025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.65.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067923/; classtype:trojan-activity;sid:83931023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.64.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067924/; classtype:trojan-activity;sid:83931024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.40.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067922/; classtype:trojan-activity;sid:83931022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.85.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067921/; classtype:trojan-activity;sid:83931021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.200.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067920/; classtype:trojan-activity;sid:83931020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067919/; classtype:trojan-activity;sid:83931019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.0.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067918/; classtype:trojan-activity;sid:83931018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.42.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067917/; classtype:trojan-activity;sid:83931017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067916/; classtype:trojan-activity;sid:83931016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067915/; classtype:trojan-activity;sid:83931015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.186.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067914/; classtype:trojan-activity;sid:83931014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.1.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067913/; classtype:trojan-activity;sid:83931013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.215.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067912/; classtype:trojan-activity;sid:83931012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.13.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067911/; classtype:trojan-activity;sid:83931011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.42.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067910/; classtype:trojan-activity;sid:83931010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067909/; classtype:trojan-activity;sid:83931009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.78.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067908/; classtype:trojan-activity;sid:83931008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.221.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067907/; classtype:trojan-activity;sid:83931007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.232.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067906/; classtype:trojan-activity;sid:83931006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.108.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067905/; classtype:trojan-activity;sid:83931005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067904/; classtype:trojan-activity;sid:83931004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.4.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067903/; classtype:trojan-activity;sid:83931003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067902/; classtype:trojan-activity;sid:83931002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.180.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067901/; classtype:trojan-activity;sid:83931001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.210.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067900/; classtype:trojan-activity;sid:83931000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.237.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067899/; classtype:trojan-activity;sid:83930999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067898/; classtype:trojan-activity;sid:83930998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.206.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067897/; classtype:trojan-activity;sid:83930997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.86.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067895/; classtype:trojan-activity;sid:83930995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067896/; classtype:trojan-activity;sid:83930996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067894/; classtype:trojan-activity;sid:83930994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.242.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067893/; classtype:trojan-activity;sid:83930993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.102.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067892/; classtype:trojan-activity;sid:83930992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067891/; classtype:trojan-activity;sid:83930991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.109.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067890/; classtype:trojan-activity;sid:83930990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.134.242.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067889/; classtype:trojan-activity;sid:83930989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.255.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067888/; classtype:trojan-activity;sid:83930988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.224.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067887/; classtype:trojan-activity;sid:83930987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.232.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067885/; classtype:trojan-activity;sid:83930985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.209.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067886/; classtype:trojan-activity;sid:83930986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067884/; classtype:trojan-activity;sid:83930984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.216.179.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067883/; classtype:trojan-activity;sid:83930983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.56.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067882/; classtype:trojan-activity;sid:83930982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.251.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067881/; classtype:trojan-activity;sid:83930981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067879/; classtype:trojan-activity;sid:83930979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.200.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067880/; classtype:trojan-activity;sid:83930980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.22.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067878/; classtype:trojan-activity;sid:83930978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.186.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067877/; classtype:trojan-activity;sid:83930977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067876/; classtype:trojan-activity;sid:83930976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.70.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067875/; classtype:trojan-activity;sid:83930975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.240.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067874/; classtype:trojan-activity;sid:83930974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.78.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067872/; classtype:trojan-activity;sid:83930972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.173.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067873/; classtype:trojan-activity;sid:83930973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.72.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067870/; classtype:trojan-activity;sid:83930970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.38.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067871/; classtype:trojan-activity;sid:83930971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.26.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067869/; classtype:trojan-activity;sid:83930969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.82.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067868/; classtype:trojan-activity;sid:83930968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067867/; classtype:trojan-activity;sid:83930967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067866/; classtype:trojan-activity;sid:83930966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.166.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067864/; classtype:trojan-activity;sid:83930964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.239.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067865/; classtype:trojan-activity;sid:83930965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067863/; classtype:trojan-activity;sid:83930963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067862/; classtype:trojan-activity;sid:83930962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.254.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067861/; classtype:trojan-activity;sid:83930961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.248.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067860/; classtype:trojan-activity;sid:83930960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.39.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067859/; classtype:trojan-activity;sid:83930959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.86.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067858/; classtype:trojan-activity;sid:83930958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.210.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067857/; classtype:trojan-activity;sid:83930957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.56.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067856/; classtype:trojan-activity;sid:83930956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.4.163.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067855/; classtype:trojan-activity;sid:83930955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.215.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067854/; classtype:trojan-activity;sid:83930954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.230.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067853/; classtype:trojan-activity;sid:83930953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.234.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067852/; classtype:trojan-activity;sid:83930952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.134.242.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067851/; classtype:trojan-activity;sid:83930951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.119.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067850/; classtype:trojan-activity;sid:83930950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.100.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067849/; classtype:trojan-activity;sid:83930949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067848/; classtype:trojan-activity;sid:83930948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.141.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067847/; classtype:trojan-activity;sid:83930947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.112.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067846/; classtype:trojan-activity;sid:83930946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.217.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067845/; classtype:trojan-activity;sid:83930945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.22.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067844/; classtype:trojan-activity;sid:83930944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.148.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067843/; classtype:trojan-activity;sid:83930943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.247.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067842/; classtype:trojan-activity;sid:83930942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.157.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067841/; classtype:trojan-activity;sid:83930941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.112.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067840/; classtype:trojan-activity;sid:83930940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.251.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067839/; classtype:trojan-activity;sid:83930939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067838/; classtype:trojan-activity;sid:83930938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.56.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067837/; classtype:trojan-activity;sid:83930937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.240.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067836/; classtype:trojan-activity;sid:83930936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067835/; classtype:trojan-activity;sid:83930935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.72.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067834/; classtype:trojan-activity;sid:83930934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.56.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067833/; classtype:trojan-activity;sid:83930933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.87.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067832/; classtype:trojan-activity;sid:83930932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067831/; classtype:trojan-activity;sid:83930931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.76.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067830/; classtype:trojan-activity;sid:83930930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067829/; classtype:trojan-activity;sid:83930929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067828/; classtype:trojan-activity;sid:83930928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.90.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067827/; classtype:trojan-activity;sid:83930927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067826/; classtype:trojan-activity;sid:83930926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.214.229.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067825/; classtype:trojan-activity;sid:83930925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.0.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067824/; classtype:trojan-activity;sid:83930924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067822/; classtype:trojan-activity;sid:83930922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067823/; classtype:trojan-activity;sid:83930923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067821/; classtype:trojan-activity;sid:83930921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.221.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067819/; classtype:trojan-activity;sid:83930919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.38.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067820/; classtype:trojan-activity;sid:83930920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067818/; classtype:trojan-activity;sid:83930918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067817/; classtype:trojan-activity;sid:83930917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.105.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067816/; classtype:trojan-activity;sid:83930916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.36.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067815/; classtype:trojan-activity;sid:83930915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.73.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067813/; classtype:trojan-activity;sid:83930913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.4.163.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067814/; classtype:trojan-activity;sid:83930914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.147.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067812/; classtype:trojan-activity;sid:83930912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.152.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067811/; classtype:trojan-activity;sid:83930911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.9.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067810/; classtype:trojan-activity;sid:83930910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.86.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067809/; classtype:trojan-activity;sid:83930909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.234.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067808/; classtype:trojan-activity;sid:83930908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.252.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067807/; classtype:trojan-activity;sid:83930907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.150.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067806/; classtype:trojan-activity;sid:83930906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.59.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067805/; classtype:trojan-activity;sid:83930905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.119.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067804/; classtype:trojan-activity;sid:83930904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.98.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067803/; classtype:trojan-activity;sid:83930903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.220.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067802/; classtype:trojan-activity;sid:83930902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.0.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067801/; classtype:trojan-activity;sid:83930901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.77.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067800/; classtype:trojan-activity;sid:83930900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.28.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067799/; classtype:trojan-activity;sid:83930899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.130.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067798/; classtype:trojan-activity;sid:83930898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.142.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067797/; classtype:trojan-activity;sid:83930897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.157.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067796/; classtype:trojan-activity;sid:83930896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.10.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067795/; classtype:trojan-activity;sid:83930895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.113.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067793/; classtype:trojan-activity;sid:83930893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.122.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067794/; classtype:trojan-activity;sid:83930894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.7.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067792/; classtype:trojan-activity;sid:83930892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.240.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067790/; classtype:trojan-activity;sid:83930890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.17.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067791/; classtype:trojan-activity;sid:83930891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067789/; classtype:trojan-activity;sid:83930889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.112.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067788/; classtype:trojan-activity;sid:83930888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.68.57.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067787/; classtype:trojan-activity;sid:83930887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067786/; classtype:trojan-activity;sid:83930886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067785/; classtype:trojan-activity;sid:83930885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.180.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067784/; classtype:trojan-activity;sid:83930884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.173.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067783/; classtype:trojan-activity;sid:83930883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.215.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067782/; classtype:trojan-activity;sid:83930882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.132.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067781/; classtype:trojan-activity;sid:83930881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.5.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067780/; classtype:trojan-activity;sid:83930880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067779/; classtype:trojan-activity;sid:83930879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067778/; classtype:trojan-activity;sid:83930878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.22.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067777/; classtype:trojan-activity;sid:83930877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.90.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067776/; classtype:trojan-activity;sid:83930876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.43.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067774/; classtype:trojan-activity;sid:83930874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.117.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067775/; classtype:trojan-activity;sid:83930875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067773/; classtype:trojan-activity;sid:83930873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067772/; classtype:trojan-activity;sid:83930872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067771/; classtype:trojan-activity;sid:83930871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.39.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067770/; classtype:trojan-activity;sid:83930870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.98.124.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067769/; classtype:trojan-activity;sid:83930869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067768/; classtype:trojan-activity;sid:83930868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.98.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067767/; classtype:trojan-activity;sid:83930867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.148.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067765/; classtype:trojan-activity;sid:83930865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.122.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067766/; classtype:trojan-activity;sid:83930866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067763/; classtype:trojan-activity;sid:83930863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.47.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067764/; classtype:trojan-activity;sid:83930864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.248.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067762/; classtype:trojan-activity;sid:83930862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067761/; classtype:trojan-activity;sid:83930861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067760/; classtype:trojan-activity;sid:83930860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067759/; classtype:trojan-activity;sid:83930859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067758/; classtype:trojan-activity;sid:83930858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.139.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067757/; classtype:trojan-activity;sid:83930857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067756/; classtype:trojan-activity;sid:83930856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.131.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067755/; classtype:trojan-activity;sid:83930855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.13.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067754/; classtype:trojan-activity;sid:83930854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.68.57.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067753/; classtype:trojan-activity;sid:83930853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.20.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067752/; classtype:trojan-activity;sid:83930852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.83.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067751/; classtype:trojan-activity;sid:83930851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.215.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067750/; classtype:trojan-activity;sid:83930850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067749)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.10.61.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067749/; classtype:trojan-activity;sid:83930849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.188.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067747/; classtype:trojan-activity;sid:83930847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.43.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067748/; classtype:trojan-activity;sid:83930848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.158.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067746/; classtype:trojan-activity;sid:83930846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.47.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067745/; classtype:trojan-activity;sid:83930845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067744/; classtype:trojan-activity;sid:83930844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.22.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067743/; classtype:trojan-activity;sid:83930843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067742/; classtype:trojan-activity;sid:83930842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.221.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067741/; classtype:trojan-activity;sid:83930841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.117.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067740/; classtype:trojan-activity;sid:83930840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.98.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067738/; classtype:trojan-activity;sid:83930838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.194.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067739/; classtype:trojan-activity;sid:83930839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.229.88.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067737/; classtype:trojan-activity;sid:83930837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067736/; classtype:trojan-activity;sid:83930836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.50.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067734/; classtype:trojan-activity;sid:83930834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.110.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067735/; classtype:trojan-activity;sid:83930835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.136.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067733/; classtype:trojan-activity;sid:83930833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067732/; classtype:trojan-activity;sid:83930832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067731/; classtype:trojan-activity;sid:83930831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.110.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067730/; classtype:trojan-activity;sid:83930830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.112.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067729/; classtype:trojan-activity;sid:83930829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.207.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067728/; classtype:trojan-activity;sid:83930828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067727/; classtype:trojan-activity;sid:83930827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.100.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067726/; classtype:trojan-activity;sid:83930826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.48.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067725/; classtype:trojan-activity;sid:83930825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.98.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067724/; classtype:trojan-activity;sid:83930824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.127.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067723/; classtype:trojan-activity;sid:83930823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.226.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067722/; classtype:trojan-activity;sid:83930822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.180.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067721/; classtype:trojan-activity;sid:83930821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.171.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067720/; classtype:trojan-activity;sid:83930820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.188.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067719/; classtype:trojan-activity;sid:83930819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.47.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067718/; classtype:trojan-activity;sid:83930818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.159.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067717/; classtype:trojan-activity;sid:83930817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.158.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067716/; classtype:trojan-activity;sid:83930816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067715/; classtype:trojan-activity;sid:83930815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.23.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067714/; classtype:trojan-activity;sid:83930814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067713/; classtype:trojan-activity;sid:83930813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.132.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067712/; classtype:trojan-activity;sid:83930812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.208.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067711/; classtype:trojan-activity;sid:83930811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.50.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067710/; classtype:trojan-activity;sid:83930810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067709/; classtype:trojan-activity;sid:83930809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.233.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067708/; classtype:trojan-activity;sid:83930808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.22.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067707/; classtype:trojan-activity;sid:83930807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.106.65.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067705/; classtype:trojan-activity;sid:83930805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.234.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067706/; classtype:trojan-activity;sid:83930806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067703/; classtype:trojan-activity;sid:83930803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067704/; classtype:trojan-activity;sid:83930804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.246.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067702/; classtype:trojan-activity;sid:83930802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.112.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067701/; classtype:trojan-activity;sid:83930801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067700/; classtype:trojan-activity;sid:83930800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.174.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067698/; classtype:trojan-activity;sid:83930798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067699)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_679054576|3f|hash=jhnug28kd4w2cq3d633basbuzchqowijklymonds73g|7c|26|7c|dl=njqyum4u6mhafqf2rqakicdjp7pnj3flpjxuezj8rzt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067699/; classtype:trojan-activity;sid:83930799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067696)"; flow:established,from_client; content:"GET"; http_method; content:"/bingo/joom.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.28.47.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067696/; classtype:trojan-activity;sid:83930796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.69.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067697/; classtype:trojan-activity;sid:83930797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.17.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067695/; classtype:trojan-activity;sid:83930795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.214.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067694/; classtype:trojan-activity;sid:83930794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.100.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067693/; classtype:trojan-activity;sid:83930793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067692/; classtype:trojan-activity;sid:83930792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.90.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067691/; classtype:trojan-activity;sid:83930791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.180.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067690/; classtype:trojan-activity;sid:83930790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.159.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067689/; classtype:trojan-activity;sid:83930789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.10.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067688/; classtype:trojan-activity;sid:83930788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067687/; classtype:trojan-activity;sid:83930787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.25.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067686/; classtype:trojan-activity;sid:83930786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.245.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067685/; classtype:trojan-activity;sid:83930785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.42.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067684/; classtype:trojan-activity;sid:83930784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067683/; classtype:trojan-activity;sid:83930783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.197.72.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067682/; classtype:trojan-activity;sid:83930782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.220.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067681/; classtype:trojan-activity;sid:83930781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.180.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067680/; classtype:trojan-activity;sid:83930780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067679/; classtype:trojan-activity;sid:83930779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067677)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/chisel.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067677/; classtype:trojan-activity;sid:83930777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067678)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/chisel32.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067678/; classtype:trojan-activity;sid:83930778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067675)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/chisel.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067675/; classtype:trojan-activity;sid:83930775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067676)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/chisel32.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067676/; classtype:trojan-activity;sid:83930776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067664)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/fullpowers.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067664/; classtype:trojan-activity;sid:83930764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067666)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/2023.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067666/; classtype:trojan-activity;sid:83930766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067667)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/fullpowers.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067667/; classtype:trojan-activity;sid:83930767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067668)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/roguepotato.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067668/; classtype:trojan-activity;sid:83930768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067669)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/nc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067669/; classtype:trojan-activity;sid:83930769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067670)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/roguepotato.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067670/; classtype:trojan-activity;sid:83930770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067671)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/pf64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067671/; classtype:trojan-activity;sid:83930771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067672)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/jp.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067672/; classtype:trojan-activity;sid:83930772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067673)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/nc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067673/; classtype:trojan-activity;sid:83930773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067674)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/roguepotato.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067674/; classtype:trojan-activity;sid:83930774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067658)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/sp.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067658/; classtype:trojan-activity;sid:83930758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067659)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/pf32.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067659/; classtype:trojan-activity;sid:83930759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067660)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/2023.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067660/; classtype:trojan-activity;sid:83930760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067661)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/rp.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067661/; classtype:trojan-activity;sid:83930761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067662)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/jp.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067662/; classtype:trojan-activity;sid:83930762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067663)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/rogueoxidresolver.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067663/; classtype:trojan-activity;sid:83930763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067654)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/pf32.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067654/; classtype:trojan-activity;sid:83930754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067650)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/rogueoxidresolver.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067650/; classtype:trojan-activity;sid:83930750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067651)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/sp.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067651/; classtype:trojan-activity;sid:83930751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067647)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/pf64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067647/; classtype:trojan-activity;sid:83930747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067648)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/rp.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067648/; classtype:trojan-activity;sid:83930748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067649)"; flow:established,from_client; content:"GET"; http_method; content:"/privs/roguepotato.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"166.88.141.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067649/; classtype:trojan-activity;sid:83930749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.9.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067646/; classtype:trojan-activity;sid:83930746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067645)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.240.4.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067645/; classtype:trojan-activity;sid:83930745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.233.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067644/; classtype:trojan-activity;sid:83930744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.23.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067642/; classtype:trojan-activity;sid:83930742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067643/; classtype:trojan-activity;sid:83930743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.113.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067641/; classtype:trojan-activity;sid:83930741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.221"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067640/; classtype:trojan-activity;sid:83930740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067639)"; flow:established,from_client; content:"GET"; http_method; content:"/industries.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sunorox.cloud"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067639/; classtype:trojan-activity;sid:83930739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067638)"; flow:established,from_client; content:"GET"; http_method; content:"/industries.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sunorox.cloud"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067638/; classtype:trojan-activity;sid:83930738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.29.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067637/; classtype:trojan-activity;sid:83930737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.102.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067636/; classtype:trojan-activity;sid:83930736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.194.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067635/; classtype:trojan-activity;sid:83930735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.119.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067634/; classtype:trojan-activity;sid:83930734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067633/; classtype:trojan-activity;sid:83930733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.229.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067631/; classtype:trojan-activity;sid:83930731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.175.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067632/; classtype:trojan-activity;sid:83930732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.202.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067630/; classtype:trojan-activity;sid:83930730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.42.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067629/; classtype:trojan-activity;sid:83930729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.34.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067628/; classtype:trojan-activity;sid:83930728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.17.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067627/; classtype:trojan-activity;sid:83930727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.214.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067626/; classtype:trojan-activity;sid:83930726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.180.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067624/; classtype:trojan-activity;sid:83930724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.9.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067625/; classtype:trojan-activity;sid:83930725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067623/; classtype:trojan-activity;sid:83930723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.214.90.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067622/; classtype:trojan-activity;sid:83930722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.19.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067621/; classtype:trojan-activity;sid:83930721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067618/; classtype:trojan-activity;sid:83930718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.90.1.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067619/; classtype:trojan-activity;sid:83930719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067620/; classtype:trojan-activity;sid:83930720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.131.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067617/; classtype:trojan-activity;sid:83930717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.88.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067616/; classtype:trojan-activity;sid:83930716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.254.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067615/; classtype:trojan-activity;sid:83930715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.137.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067614/; classtype:trojan-activity;sid:83930714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.87.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067613/; classtype:trojan-activity;sid:83930713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.46.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067612/; classtype:trojan-activity;sid:83930712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.45.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067611/; classtype:trojan-activity;sid:83930711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067610/; classtype:trojan-activity;sid:83930710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.147.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067609/; classtype:trojan-activity;sid:83930709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.167.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067608/; classtype:trojan-activity;sid:83930708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.171.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067607/; classtype:trojan-activity;sid:83930707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.182.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3067606/; classtype:trojan-activity;sid:83930706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.45.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067605/; classtype:trojan-activity;sid:83930705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067604/; classtype:trojan-activity;sid:83930704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067603/; classtype:trojan-activity;sid:83930703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.103.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067602/; classtype:trojan-activity;sid:83930702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.191.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067601/; classtype:trojan-activity;sid:83930701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.162.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067600/; classtype:trojan-activity;sid:83930700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067599/; classtype:trojan-activity;sid:83930699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.88.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067597/; classtype:trojan-activity;sid:83930697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067598/; classtype:trojan-activity;sid:83930698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.93.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067596/; classtype:trojan-activity;sid:83930696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.202.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067595/; classtype:trojan-activity;sid:83930695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.24.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067592/; classtype:trojan-activity;sid:83930692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.169.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067593/; classtype:trojan-activity;sid:83930693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067594/; classtype:trojan-activity;sid:83930694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.229.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067591/; classtype:trojan-activity;sid:83930691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.185.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067589/; classtype:trojan-activity;sid:83930689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.90.1.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067590/; classtype:trojan-activity;sid:83930690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.175.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067588/; classtype:trojan-activity;sid:83930688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067586/; classtype:trojan-activity;sid:83930686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.247.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067587/; classtype:trojan-activity;sid:83930687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067584)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067584/; classtype:trojan-activity;sid:83930684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067585)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067585/; classtype:trojan-activity;sid:83930685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067578)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067578/; classtype:trojan-activity;sid:83930678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067579)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067579/; classtype:trojan-activity;sid:83930679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067580)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067580/; classtype:trojan-activity;sid:83930680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067581)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067581/; classtype:trojan-activity;sid:83930681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.104.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067582/; classtype:trojan-activity;sid:83930682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067583)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067583/; classtype:trojan-activity;sid:83930683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067573)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067573/; classtype:trojan-activity;sid:83930673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067574)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067574/; classtype:trojan-activity;sid:83930674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067575)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067575/; classtype:trojan-activity;sid:83930675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067576)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067576/; classtype:trojan-activity;sid:83930676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067577)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067577/; classtype:trojan-activity;sid:83930677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067566)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067566/; classtype:trojan-activity;sid:83930666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067567)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067567/; classtype:trojan-activity;sid:83930667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067568)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067568/; classtype:trojan-activity;sid:83930668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067569)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067569/; classtype:trojan-activity;sid:83930669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067570)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067570/; classtype:trojan-activity;sid:83930670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067571)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067571/; classtype:trojan-activity;sid:83930671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067572)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067572/; classtype:trojan-activity;sid:83930672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.163.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067565/; classtype:trojan-activity;sid:83930665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.118.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067564/; classtype:trojan-activity;sid:83930664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.16.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067563/; classtype:trojan-activity;sid:83930663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067561/; classtype:trojan-activity;sid:83930661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.131.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067562/; classtype:trojan-activity;sid:83930662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.6.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067560/; classtype:trojan-activity;sid:83930660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.5.162"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067557/; classtype:trojan-activity;sid:83930657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.20.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067558/; classtype:trojan-activity;sid:83930658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067559/; classtype:trojan-activity;sid:83930659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067556/; classtype:trojan-activity;sid:83930656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067555/; classtype:trojan-activity;sid:83930655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.182.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067554/; classtype:trojan-activity;sid:83930654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.164.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067553/; classtype:trojan-activity;sid:83930653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.153.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067551/; classtype:trojan-activity;sid:83930651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067552/; classtype:trojan-activity;sid:83930652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067550/; classtype:trojan-activity;sid:83930650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.14.57.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067548/; classtype:trojan-activity;sid:83930648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.119.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067549/; classtype:trojan-activity;sid:83930649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067544)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067544/; classtype:trojan-activity;sid:83930644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067545)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067545/; classtype:trojan-activity;sid:83930645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067546)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067546/; classtype:trojan-activity;sid:83930646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067547)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067547/; classtype:trojan-activity;sid:83930647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067542)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067542/; classtype:trojan-activity;sid:83930642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067543)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067543/; classtype:trojan-activity;sid:83930643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067541)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067541/; classtype:trojan-activity;sid:83930641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067540)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067540/; classtype:trojan-activity;sid:83930640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067539)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067539/; classtype:trojan-activity;sid:83930639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067537)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067537/; classtype:trojan-activity;sid:83930637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067538)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067538/; classtype:trojan-activity;sid:83930638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067536)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067536/; classtype:trojan-activity;sid:83930636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067535)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067535/; classtype:trojan-activity;sid:83930635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067533)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067533/; classtype:trojan-activity;sid:83930633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067534)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067534/; classtype:trojan-activity;sid:83930634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067532)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067532/; classtype:trojan-activity;sid:83930632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067531)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067531/; classtype:trojan-activity;sid:83930631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067530)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067530/; classtype:trojan-activity;sid:83930630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067529)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067529/; classtype:trojan-activity;sid:83930629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.103.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067528/; classtype:trojan-activity;sid:83930628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067527)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067527/; classtype:trojan-activity;sid:83930627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067526)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067526/; classtype:trojan-activity;sid:83930626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067525)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067525/; classtype:trojan-activity;sid:83930625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067522)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067522/; classtype:trojan-activity;sid:83930622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067523)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067523/; classtype:trojan-activity;sid:83930623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067524)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067524/; classtype:trojan-activity;sid:83930624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067517)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067517/; classtype:trojan-activity;sid:83930617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067518)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067518/; classtype:trojan-activity;sid:83930618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067519)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067519/; classtype:trojan-activity;sid:83930619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067520)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067520/; classtype:trojan-activity;sid:83930620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067521)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067521/; classtype:trojan-activity;sid:83930621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067514)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067514/; classtype:trojan-activity;sid:83930614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067515)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067515/; classtype:trojan-activity;sid:83930615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067516)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067516/; classtype:trojan-activity;sid:83930616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067513)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067513/; classtype:trojan-activity;sid:83930613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067512)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067512/; classtype:trojan-activity;sid:83930612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067510)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067510/; classtype:trojan-activity;sid:83930610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067511)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067511/; classtype:trojan-activity;sid:83930611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067506)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067506/; classtype:trojan-activity;sid:83930606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067507)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067507/; classtype:trojan-activity;sid:83930607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067508)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067508/; classtype:trojan-activity;sid:83930608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067509)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067509/; classtype:trojan-activity;sid:83930609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067505)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067505/; classtype:trojan-activity;sid:83930605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067502)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067502/; classtype:trojan-activity;sid:83930602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067503)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067503/; classtype:trojan-activity;sid:83930603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067504)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067504/; classtype:trojan-activity;sid:83930604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067500)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067500/; classtype:trojan-activity;sid:83930600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067501)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067501/; classtype:trojan-activity;sid:83930601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067499)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067499/; classtype:trojan-activity;sid:83930599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067498)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067498/; classtype:trojan-activity;sid:83930598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067497/; classtype:trojan-activity;sid:83930597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067496)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067496/; classtype:trojan-activity;sid:83930596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067495)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067495/; classtype:trojan-activity;sid:83930595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067482)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067482/; classtype:trojan-activity;sid:83930582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067483)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067483/; classtype:trojan-activity;sid:83930583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067484)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067484/; classtype:trojan-activity;sid:83930584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067485)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067485/; classtype:trojan-activity;sid:83930585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067486)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067486/; classtype:trojan-activity;sid:83930586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067487)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067487/; classtype:trojan-activity;sid:83930587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067488)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067488/; classtype:trojan-activity;sid:83930588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067489/; classtype:trojan-activity;sid:83930589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067490)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067490/; classtype:trojan-activity;sid:83930590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067491)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067491/; classtype:trojan-activity;sid:83930591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067492)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067492/; classtype:trojan-activity;sid:83930592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067493)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067493/; classtype:trojan-activity;sid:83930593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067494)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067494/; classtype:trojan-activity;sid:83930594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067472)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067472/; classtype:trojan-activity;sid:83930572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067473)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067473/; classtype:trojan-activity;sid:83930573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067474)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067474/; classtype:trojan-activity;sid:83930574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067475)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067475/; classtype:trojan-activity;sid:83930575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067476)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067476/; classtype:trojan-activity;sid:83930576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067477)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067477/; classtype:trojan-activity;sid:83930577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067478)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067478/; classtype:trojan-activity;sid:83930578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067479)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067479/; classtype:trojan-activity;sid:83930579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067480)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067480/; classtype:trojan-activity;sid:83930580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067481)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067481/; classtype:trojan-activity;sid:83930581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067470)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"globalbankpay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067470/; classtype:trojan-activity;sid:83930570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067471)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067471/; classtype:trojan-activity;sid:83930571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067468)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"financetodayusa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067468/; classtype:trojan-activity;sid:83930568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067469)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.financetodayusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067469/; classtype:trojan-activity;sid:83930569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067467)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067467/; classtype:trojan-activity;sid:83930567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067466)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"globalfinmasters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067466/; classtype:trojan-activity;sid:83930566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067463)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067463/; classtype:trojan-activity;sid:83930563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067464)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.globalfinmasters.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067464/; classtype:trojan-activity;sid:83930564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067465)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.globalbankpay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067465/; classtype:trojan-activity;sid:83930565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.209.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067462/; classtype:trojan-activity;sid:83930562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.182.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067461/; classtype:trojan-activity;sid:83930561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.118.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067460/; classtype:trojan-activity;sid:83930560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067459/; classtype:trojan-activity;sid:83930559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.92.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067458/; classtype:trojan-activity;sid:83930558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.223.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067457/; classtype:trojan-activity;sid:83930557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067456/; classtype:trojan-activity;sid:83930556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067455/; classtype:trojan-activity;sid:83930555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.22.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067454/; classtype:trojan-activity;sid:83930554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067453/; classtype:trojan-activity;sid:83930553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.185.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067452/; classtype:trojan-activity;sid:83930552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.166.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067451/; classtype:trojan-activity;sid:83930551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.153.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067450/; classtype:trojan-activity;sid:83930550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.16.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067449/; classtype:trojan-activity;sid:83930549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067448/; classtype:trojan-activity;sid:83930548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.118.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067447/; classtype:trojan-activity;sid:83930547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067446/; classtype:trojan-activity;sid:83930546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067445)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067445/; classtype:trojan-activity;sid:83930545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067443)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067443/; classtype:trojan-activity;sid:83930543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067444)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067444/; classtype:trojan-activity;sid:83930544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067442)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067442/; classtype:trojan-activity;sid:83930542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067433)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067433/; classtype:trojan-activity;sid:83930533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067434)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067434/; classtype:trojan-activity;sid:83930534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067435)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067435/; classtype:trojan-activity;sid:83930535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067436)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067436/; classtype:trojan-activity;sid:83930536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067437)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067437/; classtype:trojan-activity;sid:83930537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067438)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067438/; classtype:trojan-activity;sid:83930538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067439)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067439/; classtype:trojan-activity;sid:83930539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067440)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067440/; classtype:trojan-activity;sid:83930540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067441)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067441/; classtype:trojan-activity;sid:83930541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067432)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067432/; classtype:trojan-activity;sid:83930532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.110.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067431/; classtype:trojan-activity;sid:83930531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.6.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067430/; classtype:trojan-activity;sid:83930530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067428/; classtype:trojan-activity;sid:83930528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.5.162"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067429/; classtype:trojan-activity;sid:83930529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067426)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067426/; classtype:trojan-activity;sid:83930526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067427)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067427/; classtype:trojan-activity;sid:83930527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.163.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067425/; classtype:trojan-activity;sid:83930525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067424/; classtype:trojan-activity;sid:83930524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.248.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067423/; classtype:trojan-activity;sid:83930523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.30.153"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067422/; classtype:trojan-activity;sid:83930522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.236.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067421/; classtype:trojan-activity;sid:83930521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.59.0.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067420/; classtype:trojan-activity;sid:83930520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067419/; classtype:trojan-activity;sid:83930519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067417)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067417/; classtype:trojan-activity;sid:83930517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067418)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067418/; classtype:trojan-activity;sid:83930518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.166.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067416/; classtype:trojan-activity;sid:83930516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.140.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067415/; classtype:trojan-activity;sid:83930515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.228.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067414/; classtype:trojan-activity;sid:83930514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.83.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067413/; classtype:trojan-activity;sid:83930513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.119.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067412/; classtype:trojan-activity;sid:83930512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.40.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067411/; classtype:trojan-activity;sid:83930511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.223.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067410/; classtype:trojan-activity;sid:83930510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067409/; classtype:trojan-activity;sid:83930509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.209.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067408/; classtype:trojan-activity;sid:83930508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067407/; classtype:trojan-activity;sid:83930507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.168.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067406/; classtype:trojan-activity;sid:83930506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.60.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067405/; classtype:trojan-activity;sid:83930505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.141.114.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067404/; classtype:trojan-activity;sid:83930504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.134.242.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067403/; classtype:trojan-activity;sid:83930503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067402/; classtype:trojan-activity;sid:83930502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.242.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067400/; classtype:trojan-activity;sid:83930500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.16.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067401/; classtype:trojan-activity;sid:83930501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.35.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067399/; classtype:trojan-activity;sid:83930499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.30.153"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067397/; classtype:trojan-activity;sid:83930497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.44.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067398/; classtype:trojan-activity;sid:83930498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.44.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067396/; classtype:trojan-activity;sid:83930496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067395/; classtype:trojan-activity;sid:83930495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067394/; classtype:trojan-activity;sid:83930494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067393/; classtype:trojan-activity;sid:83930493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.19.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067392/; classtype:trojan-activity;sid:83930492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.244.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067391/; classtype:trojan-activity;sid:83930491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.14.57.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067390/; classtype:trojan-activity;sid:83930490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067389)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067389/; classtype:trojan-activity;sid:83930489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067387)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067387/; classtype:trojan-activity;sid:83930487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067388/; classtype:trojan-activity;sid:83930488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067385)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067385/; classtype:trojan-activity;sid:83930485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067386)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067386/; classtype:trojan-activity;sid:83930486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067384)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067384/; classtype:trojan-activity;sid:83930484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067383)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067383/; classtype:trojan-activity;sid:83930483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067382)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067382/; classtype:trojan-activity;sid:83930482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067381)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067381/; classtype:trojan-activity;sid:83930481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067380)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%af%ab%e7%9c%9f1.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.76.20.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067380/; classtype:trojan-activity;sid:83930480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.102.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067379/; classtype:trojan-activity;sid:83930479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.9.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067378/; classtype:trojan-activity;sid:83930478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.44.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067377/; classtype:trojan-activity;sid:83930477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.59.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067376/; classtype:trojan-activity;sid:83930476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.41.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067374/; classtype:trojan-activity;sid:83930474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.43.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067375/; classtype:trojan-activity;sid:83930475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.145.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067373/; classtype:trojan-activity;sid:83930473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.40.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067372/; classtype:trojan-activity;sid:83930472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067371/; classtype:trojan-activity;sid:83930471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.126.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067370/; classtype:trojan-activity;sid:83930470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.26.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067368/; classtype:trojan-activity;sid:83930468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.221.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067369/; classtype:trojan-activity;sid:83930469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.183.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067367/; classtype:trojan-activity;sid:83930467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.168.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067366/; classtype:trojan-activity;sid:83930466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067365/; classtype:trojan-activity;sid:83930465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.137.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067364/; classtype:trojan-activity;sid:83930464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.150.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067363/; classtype:trojan-activity;sid:83930463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067362/; classtype:trojan-activity;sid:83930462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.123.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067361/; classtype:trojan-activity;sid:83930461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.244.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067360/; classtype:trojan-activity;sid:83930460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.35.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067359/; classtype:trojan-activity;sid:83930459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.69.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067358/; classtype:trojan-activity;sid:83930458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.240.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067357/; classtype:trojan-activity;sid:83930457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.10.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067356/; classtype:trojan-activity;sid:83930456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.9.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067355/; classtype:trojan-activity;sid:83930455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067354/; classtype:trojan-activity;sid:83930454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.186.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067353/; classtype:trojan-activity;sid:83930453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067352/; classtype:trojan-activity;sid:83930452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067351/; classtype:trojan-activity;sid:83930451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.62.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067350/; classtype:trojan-activity;sid:83930450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.41.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067349/; classtype:trojan-activity;sid:83930449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.215.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067348/; classtype:trojan-activity;sid:83930448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.226.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067347/; classtype:trojan-activity;sid:83930447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067345/; classtype:trojan-activity;sid:83930445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.48.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067346/; classtype:trojan-activity;sid:83930446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.198.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067343/; classtype:trojan-activity;sid:83930443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.220.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067344/; classtype:trojan-activity;sid:83930444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067342/; classtype:trojan-activity;sid:83930442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.73.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067339/; classtype:trojan-activity;sid:83930439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067340/; classtype:trojan-activity;sid:83930440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.245.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067341/; classtype:trojan-activity;sid:83930441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.10.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067338/; classtype:trojan-activity;sid:83930438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.22.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067337/; classtype:trojan-activity;sid:83930437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067336/; classtype:trojan-activity;sid:83930436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.4.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067335/; classtype:trojan-activity;sid:83930435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.132.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067334/; classtype:trojan-activity;sid:83930434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067333/; classtype:trojan-activity;sid:83930433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067332/; classtype:trojan-activity;sid:83930432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.240.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067331/; classtype:trojan-activity;sid:83930431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.68.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067330/; classtype:trojan-activity;sid:83930430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067329/; classtype:trojan-activity;sid:83930429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.20.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067328/; classtype:trojan-activity;sid:83930428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.227.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067325/; classtype:trojan-activity;sid:83930425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.88.224.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067326/; classtype:trojan-activity;sid:83930426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.156.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067327/; classtype:trojan-activity;sid:83930427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.56.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067324/; classtype:trojan-activity;sid:83930424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067323/; classtype:trojan-activity;sid:83930423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.59.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067322/; classtype:trojan-activity;sid:83930422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.22.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067321/; classtype:trojan-activity;sid:83930421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.62.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067320/; classtype:trojan-activity;sid:83930420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.25.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067319/; classtype:trojan-activity;sid:83930419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067318)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067318/; classtype:trojan-activity;sid:83930418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067317)"; flow:established,from_client; content:"GET"; http_method; content:"/ldx111.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mkstat595.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067317/; classtype:trojan-activity;sid:83930417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067316)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067316/; classtype:trojan-activity;sid:83930416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067315)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067315/; classtype:trojan-activity;sid:83930415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067314/; classtype:trojan-activity;sid:83930414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067313/; classtype:trojan-activity;sid:83930413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.254.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067311/; classtype:trojan-activity;sid:83930411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067312)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067312/; classtype:trojan-activity;sid:83930412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067310)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067310/; classtype:trojan-activity;sid:83930410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067309/; classtype:trojan-activity;sid:83930409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067306/; classtype:trojan-activity;sid:83930406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067307)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067307/; classtype:trojan-activity;sid:83930407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067308/; classtype:trojan-activity;sid:83930408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.88.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067305/; classtype:trojan-activity;sid:83930405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.220.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067304/; classtype:trojan-activity;sid:83930404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.238.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067303/; classtype:trojan-activity;sid:83930403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.48.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067302/; classtype:trojan-activity;sid:83930402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.73.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067301/; classtype:trojan-activity;sid:83930401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.215.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067300/; classtype:trojan-activity;sid:83930400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.106.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067299/; classtype:trojan-activity;sid:83930399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.0.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067298/; classtype:trojan-activity;sid:83930398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067297/; classtype:trojan-activity;sid:83930397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067296)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"qxup.loyalty.hienphucuanhanloai.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067296/; classtype:trojan-activity;sid:83930396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.57.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067295/; classtype:trojan-activity;sid:83930395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.123.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067294/; classtype:trojan-activity;sid:83930394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.17.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067293/; classtype:trojan-activity;sid:83930393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.52.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067292/; classtype:trojan-activity;sid:83930392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067291)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.125.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067291/; classtype:trojan-activity;sid:83930391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.68.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067290/; classtype:trojan-activity;sid:83930390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067289/; classtype:trojan-activity;sid:83930389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.174.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067288/; classtype:trojan-activity;sid:83930388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.20.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067287/; classtype:trojan-activity;sid:83930387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.198.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067286/; classtype:trojan-activity;sid:83930386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067285/; classtype:trojan-activity;sid:83930385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067284/; classtype:trojan-activity;sid:83930384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.42.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067283/; classtype:trojan-activity;sid:83930383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.75.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067281/; classtype:trojan-activity;sid:83930381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067282/; classtype:trojan-activity;sid:83930382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067280/; classtype:trojan-activity;sid:83930380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.40.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067278/; classtype:trojan-activity;sid:83930378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.52.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067279/; classtype:trojan-activity;sid:83930379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.210.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067277/; classtype:trojan-activity;sid:83930377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067275/; classtype:trojan-activity;sid:83930375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067276/; classtype:trojan-activity;sid:83930376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067274/; classtype:trojan-activity;sid:83930374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.113.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067270/; classtype:trojan-activity;sid:83930370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067271/; classtype:trojan-activity;sid:83930371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.82.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067272/; classtype:trojan-activity;sid:83930372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067273/; classtype:trojan-activity;sid:83930373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.161.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067268/; classtype:trojan-activity;sid:83930368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.251.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067269/; classtype:trojan-activity;sid:83930369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.227.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067267/; classtype:trojan-activity;sid:83930367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067265/; classtype:trojan-activity;sid:83930365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.186.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067266/; classtype:trojan-activity;sid:83930366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.95.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067264/; classtype:trojan-activity;sid:83930364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.236.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067263/; classtype:trojan-activity;sid:83930363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.97.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067262/; classtype:trojan-activity;sid:83930362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.254.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067261/; classtype:trojan-activity;sid:83930361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.41.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067260/; classtype:trojan-activity;sid:83930360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.238.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067259/; classtype:trojan-activity;sid:83930359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.59.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067258/; classtype:trojan-activity;sid:83930358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067257/; classtype:trojan-activity;sid:83930357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.29.119"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067256/; classtype:trojan-activity;sid:83930356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067255/; classtype:trojan-activity;sid:83930355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.14.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067254/; classtype:trojan-activity;sid:83930354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.71.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067253/; classtype:trojan-activity;sid:83930353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067252/; classtype:trojan-activity;sid:83930352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.30.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067251/; classtype:trojan-activity;sid:83930351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.238.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067249/; classtype:trojan-activity;sid:83930349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.153.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067250/; classtype:trojan-activity;sid:83930350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.236.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067247/; classtype:trojan-activity;sid:83930347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067248/; classtype:trojan-activity;sid:83930348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.174.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067246/; classtype:trojan-activity;sid:83930346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.52.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067245/; classtype:trojan-activity;sid:83930345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.10.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067244/; classtype:trojan-activity;sid:83930344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.147.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067243/; classtype:trojan-activity;sid:83930343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.223.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067242/; classtype:trojan-activity;sid:83930342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.171.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067241/; classtype:trojan-activity;sid:83930341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.8.41"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067240/; classtype:trojan-activity;sid:83930340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.69.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067239/; classtype:trojan-activity;sid:83930339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.154.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067238/; classtype:trojan-activity;sid:83930338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.105.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067237/; classtype:trojan-activity;sid:83930337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067236/; classtype:trojan-activity;sid:83930336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.60.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067234/; classtype:trojan-activity;sid:83930334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.175.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067235/; classtype:trojan-activity;sid:83930335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067233/; classtype:trojan-activity;sid:83930333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.109.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067232/; classtype:trojan-activity;sid:83930332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067230/; classtype:trojan-activity;sid:83930330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.104.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067231/; classtype:trojan-activity;sid:83930331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067229/; classtype:trojan-activity;sid:83930329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.39.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067228/; classtype:trojan-activity;sid:83930328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.11.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067225/; classtype:trojan-activity;sid:83930325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.123.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067226/; classtype:trojan-activity;sid:83930326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.14.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067227/; classtype:trojan-activity;sid:83930327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.71.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067224/; classtype:trojan-activity;sid:83930324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067223/; classtype:trojan-activity;sid:83930323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.11.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067222/; classtype:trojan-activity;sid:83930322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.188.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067221/; classtype:trojan-activity;sid:83930321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.61.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067220/; classtype:trojan-activity;sid:83930320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067219/; classtype:trojan-activity;sid:83930319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.186.200.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067218/; classtype:trojan-activity;sid:83930318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.25.237.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067217/; classtype:trojan-activity;sid:83930317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.200.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067216/; classtype:trojan-activity;sid:83930316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067215/; classtype:trojan-activity;sid:83930315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.127.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067214/; classtype:trojan-activity;sid:83930314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.123.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067213/; classtype:trojan-activity;sid:83930313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.8.41"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067212/; classtype:trojan-activity;sid:83930312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.10.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067211/; classtype:trojan-activity;sid:83930311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.171.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067210/; classtype:trojan-activity;sid:83930310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.151.157.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067209/; classtype:trojan-activity;sid:83930309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.69.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067208/; classtype:trojan-activity;sid:83930308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.16.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067207/; classtype:trojan-activity;sid:83930307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067206/; classtype:trojan-activity;sid:83930306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.130.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067205/; classtype:trojan-activity;sid:83930305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.23.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067204/; classtype:trojan-activity;sid:83930304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.38.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067203/; classtype:trojan-activity;sid:83930303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.118.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067202/; classtype:trojan-activity;sid:83930302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.123.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067201/; classtype:trojan-activity;sid:83930301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.123.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067200/; classtype:trojan-activity;sid:83930300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.103.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067199/; classtype:trojan-activity;sid:83930299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.246.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067198/; classtype:trojan-activity;sid:83930298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.118.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067197/; classtype:trojan-activity;sid:83930297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.44.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067196/; classtype:trojan-activity;sid:83930296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.229.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067195/; classtype:trojan-activity;sid:83930295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.209.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067194/; classtype:trojan-activity;sid:83930294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.234.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067193/; classtype:trojan-activity;sid:83930293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.199.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067192/; classtype:trojan-activity;sid:83930292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.222.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067190/; classtype:trojan-activity;sid:83930290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067191/; classtype:trojan-activity;sid:83930291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.44.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067189/; classtype:trojan-activity;sid:83930289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.188.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067188/; classtype:trojan-activity;sid:83930288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067187/; classtype:trojan-activity;sid:83930287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067186/; classtype:trojan-activity;sid:83930286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.249.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067185/; classtype:trojan-activity;sid:83930285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.82.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067184/; classtype:trojan-activity;sid:83930284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.197.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067183/; classtype:trojan-activity;sid:83930283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067182/; classtype:trojan-activity;sid:83930282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.81.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067180/; classtype:trojan-activity;sid:83930280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.82.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067181/; classtype:trojan-activity;sid:83930281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067179/; classtype:trojan-activity;sid:83930279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.103.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067178/; classtype:trojan-activity;sid:83930278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.236.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067177/; classtype:trojan-activity;sid:83930277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.141.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067176/; classtype:trojan-activity;sid:83930276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067175/; classtype:trojan-activity;sid:83930275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.67.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067174/; classtype:trojan-activity;sid:83930274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.151.157.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067173/; classtype:trojan-activity;sid:83930273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.248.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067171/; classtype:trojan-activity;sid:83930271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.133.221.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067172/; classtype:trojan-activity;sid:83930272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067170/; classtype:trojan-activity;sid:83930270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.135.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067169/; classtype:trojan-activity;sid:83930269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067168/; classtype:trojan-activity;sid:83930268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.48.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067167/; classtype:trojan-activity;sid:83930267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.214.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067164/; classtype:trojan-activity;sid:83930264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.246.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067165/; classtype:trojan-activity;sid:83930265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067166/; classtype:trojan-activity;sid:83930266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.197.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067163/; classtype:trojan-activity;sid:83930263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.69.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067162/; classtype:trojan-activity;sid:83930262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.238.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067161/; classtype:trojan-activity;sid:83930261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.234.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067160/; classtype:trojan-activity;sid:83930260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.16.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067159/; classtype:trojan-activity;sid:83930259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.209.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067158/; classtype:trojan-activity;sid:83930258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.233.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067157/; classtype:trojan-activity;sid:83930257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.222.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067156/; classtype:trojan-activity;sid:83930256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067155/; classtype:trojan-activity;sid:83930255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.98.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067154/; classtype:trojan-activity;sid:83930254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.16.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067153/; classtype:trojan-activity;sid:83930253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.2.45"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067152/; classtype:trojan-activity;sid:83930252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.215.249.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067151/; classtype:trojan-activity;sid:83930251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.7.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067150/; classtype:trojan-activity;sid:83930250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.82.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067149/; classtype:trojan-activity;sid:83930249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.16.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067148/; classtype:trojan-activity;sid:83930248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.90.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067147/; classtype:trojan-activity;sid:83930247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067146/; classtype:trojan-activity;sid:83930246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067145/; classtype:trojan-activity;sid:83930245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.220.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067143/; classtype:trojan-activity;sid:83930243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.101.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067144/; classtype:trojan-activity;sid:83930244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067142/; classtype:trojan-activity;sid:83930242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.221.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067141/; classtype:trojan-activity;sid:83930241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067140/; classtype:trojan-activity;sid:83930240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.97.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067139/; classtype:trojan-activity;sid:83930239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.184.16.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067138/; classtype:trojan-activity;sid:83930238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067137/; classtype:trojan-activity;sid:83930237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.22.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067136/; classtype:trojan-activity;sid:83930236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.26.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067135/; classtype:trojan-activity;sid:83930235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067134/; classtype:trojan-activity;sid:83930234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.69.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067132/; classtype:trojan-activity;sid:83930232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.209.178.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067133/; classtype:trojan-activity;sid:83930233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067131/; classtype:trojan-activity;sid:83930231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.205.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067130/; classtype:trojan-activity;sid:83930230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.192.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067128/; classtype:trojan-activity;sid:83930228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.189.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067129/; classtype:trojan-activity;sid:83930229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067127)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"subtitlez0.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067127/; classtype:trojan-activity;sid:83930227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067124)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067124/; classtype:trojan-activity;sid:83930224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067125)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067125/; classtype:trojan-activity;sid:83930225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067126)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"subtitlez0.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067126/; classtype:trojan-activity;sid:83930226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067122)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ec2-18-221-24-26.us-east-2.compute.amazonaws.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067122/; classtype:trojan-activity;sid:83930222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067123)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"18.221.24.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067123/; classtype:trojan-activity;sid:83930223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067121)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067121/; classtype:trojan-activity;sid:83930221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067120)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067120/; classtype:trojan-activity;sid:83930220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067118)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067118/; classtype:trojan-activity;sid:83930218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067119)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067119/; classtype:trojan-activity;sid:83930219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067117)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067117/; classtype:trojan-activity;sid:83930217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067115)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067115/; classtype:trojan-activity;sid:83930215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067116)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067116/; classtype:trojan-activity;sid:83930216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067114)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067114/; classtype:trojan-activity;sid:83930214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067113)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067113/; classtype:trojan-activity;sid:83930213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067112)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"18.221.24.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067112/; classtype:trojan-activity;sid:83930212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067111)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ec2-18-221-24-26.us-east-2.compute.amazonaws.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067111/; classtype:trojan-activity;sid:83930211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067109)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067109/; classtype:trojan-activity;sid:83930209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067110)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067110/; classtype:trojan-activity;sid:83930210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067108)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067108/; classtype:trojan-activity;sid:83930208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067107)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067107/; classtype:trojan-activity;sid:83930207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067106)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067106/; classtype:trojan-activity;sid:83930206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067105)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067105/; classtype:trojan-activity;sid:83930205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067103)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067103/; classtype:trojan-activity;sid:83930203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067104)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067104/; classtype:trojan-activity;sid:83930204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067102)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.76.20.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067102/; classtype:trojan-activity;sid:83930202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067101)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.248.77.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067101/; classtype:trojan-activity;sid:83930201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067100)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.248.77.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067100/; classtype:trojan-activity;sid:83930200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067099)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.69.110.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067099/; classtype:trojan-activity;sid:83930199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067098)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vps76729.cloudpublic.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067098/; classtype:trojan-activity;sid:83930198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067096)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.69.110.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067096/; classtype:trojan-activity;sid:83930196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067097)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vps76729.cloudpublic.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067097/; classtype:trojan-activity;sid:83930197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.100.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067095/; classtype:trojan-activity;sid:83930195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.63.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067094/; classtype:trojan-activity;sid:83930194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.152.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067093/; classtype:trojan-activity;sid:83930193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.98.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067092/; classtype:trojan-activity;sid:83930192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.192.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067091/; classtype:trojan-activity;sid:83930191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.44.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067090/; classtype:trojan-activity;sid:83930190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067089/; classtype:trojan-activity;sid:83930189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.236.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067088/; classtype:trojan-activity;sid:83930188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.101.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067087/; classtype:trojan-activity;sid:83930187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067086/; classtype:trojan-activity;sid:83930186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.40.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067085/; classtype:trojan-activity;sid:83930185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.49.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067084/; classtype:trojan-activity;sid:83930184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.80.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067083/; classtype:trojan-activity;sid:83930183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.220.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067082/; classtype:trojan-activity;sid:83930182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067081/; classtype:trojan-activity;sid:83930181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.141.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067080/; classtype:trojan-activity;sid:83930180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067079/; classtype:trojan-activity;sid:83930179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.98.242.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067078/; classtype:trojan-activity;sid:83930178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.146.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067077/; classtype:trojan-activity;sid:83930177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067076/; classtype:trojan-activity;sid:83930176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.47.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067075/; classtype:trojan-activity;sid:83930175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.79.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067074/; classtype:trojan-activity;sid:83930174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.26.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067073/; classtype:trojan-activity;sid:83930173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.205.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067072/; classtype:trojan-activity;sid:83930172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.241.48.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067071/; classtype:trojan-activity;sid:83930171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.248.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067070/; classtype:trojan-activity;sid:83930170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067069/; classtype:trojan-activity;sid:83930169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.63.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067068/; classtype:trojan-activity;sid:83930168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.189.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067067/; classtype:trojan-activity;sid:83930167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.96.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067066/; classtype:trojan-activity;sid:83930166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067065/; classtype:trojan-activity;sid:83930165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067064/; classtype:trojan-activity;sid:83930164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067063/; classtype:trojan-activity;sid:83930163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.95.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067062/; classtype:trojan-activity;sid:83930162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.200.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067061/; classtype:trojan-activity;sid:83930161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.236.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067060/; classtype:trojan-activity;sid:83930160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.139.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067059/; classtype:trojan-activity;sid:83930159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.233.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067058/; classtype:trojan-activity;sid:83930158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.159.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067057/; classtype:trojan-activity;sid:83930157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.195.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067056/; classtype:trojan-activity;sid:83930156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067055/; classtype:trojan-activity;sid:83930155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067054/; classtype:trojan-activity;sid:83930154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.24.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067053/; classtype:trojan-activity;sid:83930153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.146.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067050/; classtype:trojan-activity;sid:83930150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.96.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067051/; classtype:trojan-activity;sid:83930151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.8.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067052/; classtype:trojan-activity;sid:83930152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.9.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067049/; classtype:trojan-activity;sid:83930149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.242.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067048/; classtype:trojan-activity;sid:83930148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.113.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067047/; classtype:trojan-activity;sid:83930147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067046/; classtype:trojan-activity;sid:83930146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.85.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067045/; classtype:trojan-activity;sid:83930145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.45.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067044/; classtype:trojan-activity;sid:83930144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067043/; classtype:trojan-activity;sid:83930143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067042/; classtype:trojan-activity;sid:83930142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067038/; classtype:trojan-activity;sid:83930138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.203.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067039/; classtype:trojan-activity;sid:83930139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067040/; classtype:trojan-activity;sid:83930140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.13.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067041/; classtype:trojan-activity;sid:83930141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.255.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067034/; classtype:trojan-activity;sid:83930134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067035/; classtype:trojan-activity;sid:83930135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.149.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067036/; classtype:trojan-activity;sid:83930136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.74.234.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067037/; classtype:trojan-activity;sid:83930137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.150.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067032/; classtype:trojan-activity;sid:83930132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.98.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067033/; classtype:trojan-activity;sid:83930133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067031/; classtype:trojan-activity;sid:83930131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.135.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067030/; classtype:trojan-activity;sid:83930130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.188.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067029/; classtype:trojan-activity;sid:83930129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.141.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067027/; classtype:trojan-activity;sid:83930127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.64.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067028/; classtype:trojan-activity;sid:83930128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.95.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067026/; classtype:trojan-activity;sid:83930126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.177.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067025/; classtype:trojan-activity;sid:83930125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.159.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067023/; classtype:trojan-activity;sid:83930123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.235.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067024/; classtype:trojan-activity;sid:83930124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.221.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067022/; classtype:trojan-activity;sid:83930122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067019/; classtype:trojan-activity;sid:83930119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.35.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067020/; classtype:trojan-activity;sid:83930120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067021/; classtype:trojan-activity;sid:83930121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.147.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067018/; classtype:trojan-activity;sid:83930118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.13.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067016/; classtype:trojan-activity;sid:83930116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.199.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067017/; classtype:trojan-activity;sid:83930117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.195.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067015/; classtype:trojan-activity;sid:83930115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067013)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/blink"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.23.159.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067013/; classtype:trojan-activity;sid:83930113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067014/; classtype:trojan-activity;sid:83930114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.210.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067012/; classtype:trojan-activity;sid:83930112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067011/; classtype:trojan-activity;sid:83930111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.129.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067010/; classtype:trojan-activity;sid:83930110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067009/; classtype:trojan-activity;sid:83930109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.83.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067008/; classtype:trojan-activity;sid:83930108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.141.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067007/; classtype:trojan-activity;sid:83930107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.177.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067006/; classtype:trojan-activity;sid:83930106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.183.239.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067005/; classtype:trojan-activity;sid:83930105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.235.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067004/; classtype:trojan-activity;sid:83930104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.235.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067003/; classtype:trojan-activity;sid:83930103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.7.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067002/; classtype:trojan-activity;sid:83930102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.173.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067001/; classtype:trojan-activity;sid:83930101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.166.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067000/; classtype:trojan-activity;sid:83930100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066998/; classtype:trojan-activity;sid:83930098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.13.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066999/; classtype:trojan-activity;sid:83930099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.187.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066997/; classtype:trojan-activity;sid:83930097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066996/; classtype:trojan-activity;sid:83930096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.234.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066995/; classtype:trojan-activity;sid:83930095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.72.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066994/; classtype:trojan-activity;sid:83930094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.221.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066993/; classtype:trojan-activity;sid:83930093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.199.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066991/; classtype:trojan-activity;sid:83930091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.208.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066992/; classtype:trojan-activity;sid:83930092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.190.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066990/; classtype:trojan-activity;sid:83930090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.25.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066989/; classtype:trojan-activity;sid:83930089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.85.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066988/; classtype:trojan-activity;sid:83930088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066987/; classtype:trojan-activity;sid:83930087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.237.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066986/; classtype:trojan-activity;sid:83930086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066985/; classtype:trojan-activity;sid:83930085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.17.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066984/; classtype:trojan-activity;sid:83930084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066982/; classtype:trojan-activity;sid:83930082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.81.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066983/; classtype:trojan-activity;sid:83930083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066981/; classtype:trojan-activity;sid:83930081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.24.55.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066980/; classtype:trojan-activity;sid:83930080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.104.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066979/; classtype:trojan-activity;sid:83930079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.248.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066978/; classtype:trojan-activity;sid:83930078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.234.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066977/; classtype:trojan-activity;sid:83930077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066976/; classtype:trojan-activity;sid:83930076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.43.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066975/; classtype:trojan-activity;sid:83930075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066970)"; flow:established,from_client; content:"GET"; http_method; content:"/xih9zado/raw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rentry.co"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066970/; classtype:trojan-activity;sid:83930070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.221.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066971/; classtype:trojan-activity;sid:83930071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066972/; classtype:trojan-activity;sid:83930072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.5.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066973/; classtype:trojan-activity;sid:83930073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.104.221.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066974/; classtype:trojan-activity;sid:83930074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.0.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066969/; classtype:trojan-activity;sid:83930069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.76.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066968/; classtype:trojan-activity;sid:83930068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066967/; classtype:trojan-activity;sid:83930067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066966/; classtype:trojan-activity;sid:83930066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066965)"; flow:established,from_client; content:"GET"; http_method; content:"/wpi-admin/alocation/download/cliente.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"mtmadvogados.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066965/; classtype:trojan-activity;sid:83930065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.139.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066964/; classtype:trojan-activity;sid:83930064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066963)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1wmgaxnwpvqnfdpprpe__0imvwnk8jssb|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066963/; classtype:trojan-activity;sid:83930063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.45.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066962/; classtype:trojan-activity;sid:83930062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066961)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_679040923|3f|hash=r3c6wofxf9ixf6cpcmnwrns72cz9niqfn2cwrmoqjvz|7c|26|7c|dl=bea7puaazgnhqz7v7lonxjk2zfr6a4jrmezumondfrg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066961/; classtype:trojan-activity;sid:83930061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.237.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066960/; classtype:trojan-activity;sid:83930060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.81.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066959/; classtype:trojan-activity;sid:83930059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.127.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066958/; classtype:trojan-activity;sid:83930058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.81.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066957/; classtype:trojan-activity;sid:83930057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.238.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066956/; classtype:trojan-activity;sid:83930056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066955/; classtype:trojan-activity;sid:83930055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.252.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066954/; classtype:trojan-activity;sid:83930054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.191.82.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066952/; classtype:trojan-activity;sid:83930052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.86.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066953/; classtype:trojan-activity;sid:83930053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066951/; classtype:trojan-activity;sid:83930051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.9.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066950/; classtype:trojan-activity;sid:83930050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.255.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066949/; classtype:trojan-activity;sid:83930049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.248.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066948/; classtype:trojan-activity;sid:83930048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066947/; classtype:trojan-activity;sid:83930047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.43.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066946/; classtype:trojan-activity;sid:83930046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.78.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066944/; classtype:trojan-activity;sid:83930044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066945/; classtype:trojan-activity;sid:83930045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.237.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066943/; classtype:trojan-activity;sid:83930043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.221.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066942/; classtype:trojan-activity;sid:83930042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066941/; classtype:trojan-activity;sid:83930041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.123.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066940/; classtype:trojan-activity;sid:83930040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.168.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066939/; classtype:trojan-activity;sid:83930039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066938/; classtype:trojan-activity;sid:83930038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.97.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066937/; classtype:trojan-activity;sid:83930037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.25.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066936/; classtype:trojan-activity;sid:83930036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.173.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066935/; classtype:trojan-activity;sid:83930035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066934/; classtype:trojan-activity;sid:83930034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.251.213.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066933/; classtype:trojan-activity;sid:83930033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.11.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066932/; classtype:trojan-activity;sid:83930032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.52.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066931/; classtype:trojan-activity;sid:83930031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.82.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066930/; classtype:trojan-activity;sid:83930030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.252.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066929/; classtype:trojan-activity;sid:83930029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.155.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066927/; classtype:trojan-activity;sid:83930027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066928)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.horus-protector.pro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066928/; classtype:trojan-activity;sid:83930028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066925/; classtype:trojan-activity;sid:83930025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066926/; classtype:trojan-activity;sid:83930026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066922)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.horus-protector.pro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066922/; classtype:trojan-activity;sid:83930022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066923)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.horus-protector.pro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066923/; classtype:trojan-activity;sid:83930023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066924)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.horus-protector.pro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066924/; classtype:trojan-activity;sid:83930024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066921/; classtype:trojan-activity;sid:83930021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066920)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.horus-protector.pro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066920/; classtype:trojan-activity;sid:83930020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066919)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.horus-protector.pro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066919/; classtype:trojan-activity;sid:83930019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.206.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066917/; classtype:trojan-activity;sid:83930017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.197.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066918/; classtype:trojan-activity;sid:83930018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066915)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.horus-protector.pro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066915/; classtype:trojan-activity;sid:83930015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066916)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.horus-protector.pro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066916/; classtype:trojan-activity;sid:83930016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.78.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066914/; classtype:trojan-activity;sid:83930014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.131.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066912/; classtype:trojan-activity;sid:83930012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.65.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066913/; classtype:trojan-activity;sid:83930013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.208.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066911/; classtype:trojan-activity;sid:83930011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.57.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066910/; classtype:trojan-activity;sid:83930010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.142.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066909/; classtype:trojan-activity;sid:83930009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066908/; classtype:trojan-activity;sid:83930008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.248.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066907/; classtype:trojan-activity;sid:83930007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.97.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066906/; classtype:trojan-activity;sid:83930006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.223.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066905/; classtype:trojan-activity;sid:83930005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.143.138.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066904/; classtype:trojan-activity;sid:83930004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.36.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066903/; classtype:trojan-activity;sid:83930003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066902/; classtype:trojan-activity;sid:83930002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066900/; classtype:trojan-activity;sid:83930000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.24.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066901/; classtype:trojan-activity;sid:83930001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.45.240.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066899/; classtype:trojan-activity;sid:83929999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066894)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066894/; classtype:trojan-activity;sid:83929994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066895)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066895/; classtype:trojan-activity;sid:83929995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066896)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066896/; classtype:trojan-activity;sid:83929996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066897)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066897/; classtype:trojan-activity;sid:83929997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066898)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066898/; classtype:trojan-activity;sid:83929998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066880)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.fudi.ing"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066880/; classtype:trojan-activity;sid:83929980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066881)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.fudi.ing"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066881/; classtype:trojan-activity;sid:83929981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066882)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066882/; classtype:trojan-activity;sid:83929982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066883)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066883/; classtype:trojan-activity;sid:83929983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066884)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066884/; classtype:trojan-activity;sid:83929984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066885)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"horus-protector.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066885/; classtype:trojan-activity;sid:83929985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066886)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066886/; classtype:trojan-activity;sid:83929986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066887)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fudi.ing"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066887/; classtype:trojan-activity;sid:83929987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066888)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066888/; classtype:trojan-activity;sid:83929988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066889)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fudi.ing"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066889/; classtype:trojan-activity;sid:83929989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066890)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fudi.ing"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066890/; classtype:trojan-activity;sid:83929990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066891)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.fudi.ing"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066891/; classtype:trojan-activity;sid:83929991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066892)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066892/; classtype:trojan-activity;sid:83929992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066893)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066893/; classtype:trojan-activity;sid:83929993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066869)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fudi.ing"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066869/; classtype:trojan-activity;sid:83929969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066870)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"horus-protector.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066870/; classtype:trojan-activity;sid:83929970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066871/; classtype:trojan-activity;sid:83929971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066872)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066872/; classtype:trojan-activity;sid:83929972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066873)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fudi.ing"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066873/; classtype:trojan-activity;sid:83929973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066874)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fudi.ing"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066874/; classtype:trojan-activity;sid:83929974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066875)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066875/; classtype:trojan-activity;sid:83929975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066876)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066876/; classtype:trojan-activity;sid:83929976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066877)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"horus-protector.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066877/; classtype:trojan-activity;sid:83929977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066878)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066878/; classtype:trojan-activity;sid:83929978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066879)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.fudi.ing"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066879/; classtype:trojan-activity;sid:83929979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066864)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"horus-protector.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066864/; classtype:trojan-activity;sid:83929964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066865)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fudi.ing"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066865/; classtype:trojan-activity;sid:83929965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066866)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.fudi.ing"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066866/; classtype:trojan-activity;sid:83929966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066867)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.fudi.ing"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066867/; classtype:trojan-activity;sid:83929967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066868)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fudi.ing"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066868/; classtype:trojan-activity;sid:83929968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066861)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.fudi.ing"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066861/; classtype:trojan-activity;sid:83929961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066862)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"horus-protector.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066862/; classtype:trojan-activity;sid:83929962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066863)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"horus-protector.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066863/; classtype:trojan-activity;sid:83929963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066858)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.fudi.ing"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066858/; classtype:trojan-activity;sid:83929958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066859)"; flow:established,from_client; content:"GET"; http_method; content:"/c/s4.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"horus-protector.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066859/; classtype:trojan-activity;sid:83929959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066860)"; flow:established,from_client; content:"GET"; http_method; content:"/c/r2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"horus-protector.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066860/; classtype:trojan-activity;sid:83929960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.174.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066857/; classtype:trojan-activity;sid:83929957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.155.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066856/; classtype:trojan-activity;sid:83929956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066854/; classtype:trojan-activity;sid:83929954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066855/; classtype:trojan-activity;sid:83929955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.65.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066853/; classtype:trojan-activity;sid:83929953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.209.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066852/; classtype:trojan-activity;sid:83929952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.156.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066850/; classtype:trojan-activity;sid:83929950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066851/; classtype:trojan-activity;sid:83929951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.131.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066849/; classtype:trojan-activity;sid:83929949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.235.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066848/; classtype:trojan-activity;sid:83929948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.142.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066847/; classtype:trojan-activity;sid:83929947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066846/; classtype:trojan-activity;sid:83929946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.219.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066845/; classtype:trojan-activity;sid:83929945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066843)"; flow:established,from_client; content:"GET"; http_method; content:"/60/simplekisstogetmebackwithme.gif"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"172.234.216.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066843/; classtype:trojan-activity;sid:83929943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066844)"; flow:established,from_client; content:"GET"; http_method; content:"/60/unn/simplesidethingshappeningeverythingtogetmebackwithentirethingshappeningtheprocesstogetmebackthingstobe___________greatthingshappeneding.doc"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"172.234.216.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066844/; classtype:trojan-activity;sid:83929944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.92.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066842/; classtype:trojan-activity;sid:83929942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.179.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066841/; classtype:trojan-activity;sid:83929941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.94.193.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066839/; classtype:trojan-activity;sid:83929939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066840)"; flow:established,from_client; content:"GET"; http_method; content:"/awoo.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066840/; classtype:trojan-activity;sid:83929940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.169.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066838/; classtype:trojan-activity;sid:83929938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.45.240.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066837/; classtype:trojan-activity;sid:83929937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.35.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066836/; classtype:trojan-activity;sid:83929936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.137.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066834/; classtype:trojan-activity;sid:83929934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066835/; classtype:trojan-activity;sid:83929935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.207.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066833/; classtype:trojan-activity;sid:83929933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.77.49.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066832/; classtype:trojan-activity;sid:83929932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066831/; classtype:trojan-activity;sid:83929931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.2.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066830/; classtype:trojan-activity;sid:83929930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066829/; classtype:trojan-activity;sid:83929929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.40.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066828/; classtype:trojan-activity;sid:83929928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066824)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066824/; classtype:trojan-activity;sid:83929924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066825)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066825/; classtype:trojan-activity;sid:83929925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066826)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066826/; classtype:trojan-activity;sid:83929926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.106.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066827/; classtype:trojan-activity;sid:83929927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066819)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066819/; classtype:trojan-activity;sid:83929919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066820)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066820/; classtype:trojan-activity;sid:83929920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066821)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066821/; classtype:trojan-activity;sid:83929921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066822)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066822/; classtype:trojan-activity;sid:83929922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066823)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066823/; classtype:trojan-activity;sid:83929923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066818/; classtype:trojan-activity;sid:83929918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.30.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066817/; classtype:trojan-activity;sid:83929917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.181.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066816/; classtype:trojan-activity;sid:83929916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.95.161.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066814/; classtype:trojan-activity;sid:83929914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.106.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066815/; classtype:trojan-activity;sid:83929915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.5.153"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066813/; classtype:trojan-activity;sid:83929913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066812/; classtype:trojan-activity;sid:83929912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.82.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066811/; classtype:trojan-activity;sid:83929911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.172.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066809/; classtype:trojan-activity;sid:83929909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.236.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066810/; classtype:trojan-activity;sid:83929910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.13.48.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066808/; classtype:trojan-activity;sid:83929908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.98.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066807/; classtype:trojan-activity;sid:83929907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066806/; classtype:trojan-activity;sid:83929906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.2.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066805/; classtype:trojan-activity;sid:83929905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066804/; classtype:trojan-activity;sid:83929904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.83.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066803/; classtype:trojan-activity;sid:83929903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066801/; classtype:trojan-activity;sid:83929901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.234.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066802/; classtype:trojan-activity;sid:83929902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066800/; classtype:trojan-activity;sid:83929900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066795)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066795/; classtype:trojan-activity;sid:83929895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066796)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066796/; classtype:trojan-activity;sid:83929896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066797)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066797/; classtype:trojan-activity;sid:83929897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066798)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066798/; classtype:trojan-activity;sid:83929898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066799)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066799/; classtype:trojan-activity;sid:83929899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066788)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066788/; classtype:trojan-activity;sid:83929888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066789)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066789/; classtype:trojan-activity;sid:83929889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066790)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066790/; classtype:trojan-activity;sid:83929890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066791)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066791/; classtype:trojan-activity;sid:83929891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066792)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066792/; classtype:trojan-activity;sid:83929892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066793)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066793/; classtype:trojan-activity;sid:83929893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066794)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066794/; classtype:trojan-activity;sid:83929894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.132.76.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066787/; classtype:trojan-activity;sid:83929887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066783)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066783/; classtype:trojan-activity;sid:83929883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066784)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066784/; classtype:trojan-activity;sid:83929884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066785)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066785/; classtype:trojan-activity;sid:83929885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066786)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066786/; classtype:trojan-activity;sid:83929886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066777)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066777/; classtype:trojan-activity;sid:83929877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066778)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066778/; classtype:trojan-activity;sid:83929878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066779)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066779/; classtype:trojan-activity;sid:83929879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066780)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066780/; classtype:trojan-activity;sid:83929880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066781)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066781/; classtype:trojan-activity;sid:83929881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066782)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066782/; classtype:trojan-activity;sid:83929882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066766)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066766/; classtype:trojan-activity;sid:83929866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066767)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066767/; classtype:trojan-activity;sid:83929867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066768)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066768/; classtype:trojan-activity;sid:83929868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066769)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066769/; classtype:trojan-activity;sid:83929869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066770)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066770/; classtype:trojan-activity;sid:83929870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066771)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066771/; classtype:trojan-activity;sid:83929871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066772)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066772/; classtype:trojan-activity;sid:83929872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066773)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"buyn.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066773/; classtype:trojan-activity;sid:83929873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066774)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.242.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066774/; classtype:trojan-activity;sid:83929874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066775)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066775/; classtype:trojan-activity;sid:83929875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066776)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.buyn.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066776/; classtype:trojan-activity;sid:83929876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066765/; classtype:trojan-activity;sid:83929865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066764/; classtype:trojan-activity;sid:83929864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.44.22.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066763/; classtype:trojan-activity;sid:83929863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.111.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066761/; classtype:trojan-activity;sid:83929861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.255.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066762/; classtype:trojan-activity;sid:83929862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066760/; classtype:trojan-activity;sid:83929860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066759/; classtype:trojan-activity;sid:83929859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.64.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066756/; classtype:trojan-activity;sid:83929856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.168.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066757/; classtype:trojan-activity;sid:83929857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.84.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066758/; classtype:trojan-activity;sid:83929858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.125.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066754/; classtype:trojan-activity;sid:83929854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.196.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066755/; classtype:trojan-activity;sid:83929855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.45.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066753/; classtype:trojan-activity;sid:83929853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.109.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066752/; classtype:trojan-activity;sid:83929852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.158.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066751/; classtype:trojan-activity;sid:83929851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.240.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066750/; classtype:trojan-activity;sid:83929850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.65.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066749/; classtype:trojan-activity;sid:83929849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.190.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066748/; classtype:trojan-activity;sid:83929848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.253.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066747/; classtype:trojan-activity;sid:83929847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.162.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066746/; classtype:trojan-activity;sid:83929846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.76.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066743/; classtype:trojan-activity;sid:83929843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066744/; classtype:trojan-activity;sid:83929844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.217.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066745/; classtype:trojan-activity;sid:83929845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.223.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066742/; classtype:trojan-activity;sid:83929842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.199.110.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066741/; classtype:trojan-activity;sid:83929841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.213.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066740/; classtype:trojan-activity;sid:83929840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.82.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066739/; classtype:trojan-activity;sid:83929839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066738/; classtype:trojan-activity;sid:83929838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.43.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066735/; classtype:trojan-activity;sid:83929835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.245.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066736/; classtype:trojan-activity;sid:83929836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066737/; classtype:trojan-activity;sid:83929837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.152.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066734/; classtype:trojan-activity;sid:83929834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066733/; classtype:trojan-activity;sid:83929833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.94.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066732/; classtype:trojan-activity;sid:83929832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.223.252.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066731/; classtype:trojan-activity;sid:83929831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.47.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066730/; classtype:trojan-activity;sid:83929830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.211.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066729/; classtype:trojan-activity;sid:83929829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066728/; classtype:trojan-activity;sid:83929828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066727/; classtype:trojan-activity;sid:83929827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.137.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066726/; classtype:trojan-activity;sid:83929826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.94.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066725/; classtype:trojan-activity;sid:83929825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.16.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066724/; classtype:trojan-activity;sid:83929824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.54.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066723/; classtype:trojan-activity;sid:83929823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.45.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066722/; classtype:trojan-activity;sid:83929822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.111.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066721/; classtype:trojan-activity;sid:83929821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.65.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066720/; classtype:trojan-activity;sid:83929820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.129.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066719/; classtype:trojan-activity;sid:83929819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.148.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066718/; classtype:trojan-activity;sid:83929818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066717/; classtype:trojan-activity;sid:83929817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066716/; classtype:trojan-activity;sid:83929816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.50.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066715/; classtype:trojan-activity;sid:83929815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.199.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066714/; classtype:trojan-activity;sid:83929814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066713/; classtype:trojan-activity;sid:83929813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.71.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066712/; classtype:trojan-activity;sid:83929812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.231.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066711/; classtype:trojan-activity;sid:83929811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.172.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066710/; classtype:trojan-activity;sid:83929810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.29.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066709/; classtype:trojan-activity;sid:83929809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.78.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066708/; classtype:trojan-activity;sid:83929808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.223.252.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066706/; classtype:trojan-activity;sid:83929806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.26.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066707/; classtype:trojan-activity;sid:83929807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.47.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066705/; classtype:trojan-activity;sid:83929805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066702)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/22per.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"imc1.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066702/; classtype:trojan-activity;sid:83929802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066703)"; flow:established,from_client; content:"GET"; http_method; content:"/data.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hhic.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066703/; classtype:trojan-activity;sid:83929803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066704)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/22per.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"imc1.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066704/; classtype:trojan-activity;sid:83929804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066701/; classtype:trojan-activity;sid:83929801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066700)"; flow:established,from_client; content:"GET"; http_method; content:"/data.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hhic.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066700/; classtype:trojan-activity;sid:83929800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066699/; classtype:trojan-activity;sid:83929799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.132.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066698/; classtype:trojan-activity;sid:83929798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.114.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066697/; classtype:trojan-activity;sid:83929797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.71.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066696/; classtype:trojan-activity;sid:83929796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.205.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066695/; classtype:trojan-activity;sid:83929795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.201.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066693/; classtype:trojan-activity;sid:83929793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066694/; classtype:trojan-activity;sid:83929794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.184.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066692/; classtype:trojan-activity;sid:83929792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.54.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066691/; classtype:trojan-activity;sid:83929791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.173.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066690/; classtype:trojan-activity;sid:83929790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.233.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066689/; classtype:trojan-activity;sid:83929789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066688/; classtype:trojan-activity;sid:83929788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.36.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066686/; classtype:trojan-activity;sid:83929786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.139.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066687/; classtype:trojan-activity;sid:83929787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.148.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066685/; classtype:trojan-activity;sid:83929785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.90.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066684/; classtype:trojan-activity;sid:83929784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066683/; classtype:trojan-activity;sid:83929783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.13.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066682/; classtype:trojan-activity;sid:83929782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066681/; classtype:trojan-activity;sid:83929781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066680/; classtype:trojan-activity;sid:83929780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066679/; classtype:trojan-activity;sid:83929779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.62.94.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066677/; classtype:trojan-activity;sid:83929777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066678/; classtype:trojan-activity;sid:83929778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.233.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066676/; classtype:trojan-activity;sid:83929776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066674/; classtype:trojan-activity;sid:83929774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.69.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066675/; classtype:trojan-activity;sid:83929775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.32.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066673/; classtype:trojan-activity;sid:83929773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.153.109.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066672/; classtype:trojan-activity;sid:83929772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066671/; classtype:trojan-activity;sid:83929771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.26.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066670/; classtype:trojan-activity;sid:83929770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.132.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066669/; classtype:trojan-activity;sid:83929769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.110.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066668/; classtype:trojan-activity;sid:83929768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.221.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066667/; classtype:trojan-activity;sid:83929767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.95.126.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066666/; classtype:trojan-activity;sid:83929766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.134.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066665/; classtype:trojan-activity;sid:83929765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066664)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.68.28.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066664/; classtype:trojan-activity;sid:83929764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066663/; classtype:trojan-activity;sid:83929763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.59.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066662/; classtype:trojan-activity;sid:83929762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.173.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066660/; classtype:trojan-activity;sid:83929760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.36.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066661/; classtype:trojan-activity;sid:83929761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.203.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066659/; classtype:trojan-activity;sid:83929759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.0.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066658/; classtype:trojan-activity;sid:83929758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.11.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066657/; classtype:trojan-activity;sid:83929757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.106.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066656/; classtype:trojan-activity;sid:83929756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.36.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066655/; classtype:trojan-activity;sid:83929755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.231.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066654/; classtype:trojan-activity;sid:83929754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.217.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066653/; classtype:trojan-activity;sid:83929753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.153.109.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066652/; classtype:trojan-activity;sid:83929752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.7.168.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066651/; classtype:trojan-activity;sid:83929751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066650/; classtype:trojan-activity;sid:83929750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.244.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066649/; classtype:trojan-activity;sid:83929749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066648/; classtype:trojan-activity;sid:83929748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.240.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066647/; classtype:trojan-activity;sid:83929747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.181.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066645/; classtype:trojan-activity;sid:83929745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.213.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066646/; classtype:trojan-activity;sid:83929746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.94.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066644/; classtype:trojan-activity;sid:83929744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066643/; classtype:trojan-activity;sid:83929743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.106.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066642/; classtype:trojan-activity;sid:83929742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066641/; classtype:trojan-activity;sid:83929741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.125.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066640/; classtype:trojan-activity;sid:83929740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066639/; classtype:trojan-activity;sid:83929739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.69.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066638/; classtype:trojan-activity;sid:83929738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066637/; classtype:trojan-activity;sid:83929737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.171.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066636/; classtype:trojan-activity;sid:83929736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066635/; classtype:trojan-activity;sid:83929735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.13.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066634/; classtype:trojan-activity;sid:83929734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066633/; classtype:trojan-activity;sid:83929733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.171.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066632/; classtype:trojan-activity;sid:83929732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.193.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066630/; classtype:trojan-activity;sid:83929730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.100.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066631/; classtype:trojan-activity;sid:83929731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066629/; classtype:trojan-activity;sid:83929729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.216.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066628/; classtype:trojan-activity;sid:83929728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066627/; classtype:trojan-activity;sid:83929727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.17.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066625/; classtype:trojan-activity;sid:83929725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.186.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066626/; classtype:trojan-activity;sid:83929726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.155.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066624/; classtype:trojan-activity;sid:83929724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.182.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066623/; classtype:trojan-activity;sid:83929723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.143.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066622/; classtype:trojan-activity;sid:83929722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.168.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066621/; classtype:trojan-activity;sid:83929721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.138.131.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066620/; classtype:trojan-activity;sid:83929720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.242.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066619/; classtype:trojan-activity;sid:83929719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.251.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066616/; classtype:trojan-activity;sid:83929716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.181.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066617/; classtype:trojan-activity;sid:83929717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.13.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066618/; classtype:trojan-activity;sid:83929718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.94.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066615/; classtype:trojan-activity;sid:83929715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.125.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066613/; classtype:trojan-activity;sid:83929713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.213.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066614/; classtype:trojan-activity;sid:83929714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066612/; classtype:trojan-activity;sid:83929712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.173.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066611/; classtype:trojan-activity;sid:83929711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066610/; classtype:trojan-activity;sid:83929710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.112.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066609/; classtype:trojan-activity;sid:83929709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.232.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066608/; classtype:trojan-activity;sid:83929708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066607/; classtype:trojan-activity;sid:83929707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066606/; classtype:trojan-activity;sid:83929706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.171.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066605/; classtype:trojan-activity;sid:83929705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.86.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066604/; classtype:trojan-activity;sid:83929704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.133.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066602/; classtype:trojan-activity;sid:83929702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.65.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066603/; classtype:trojan-activity;sid:83929703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066599/; classtype:trojan-activity;sid:83929699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066600/; classtype:trojan-activity;sid:83929700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066601/; classtype:trojan-activity;sid:83929701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.200.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066598/; classtype:trojan-activity;sid:83929698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.221.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066597/; classtype:trojan-activity;sid:83929697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066596/; classtype:trojan-activity;sid:83929696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.112.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066594/; classtype:trojan-activity;sid:83929694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.251.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066595/; classtype:trojan-activity;sid:83929695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.68.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066593/; classtype:trojan-activity;sid:83929693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.232.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066592/; classtype:trojan-activity;sid:83929692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.235.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066591/; classtype:trojan-activity;sid:83929691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066590/; classtype:trojan-activity;sid:83929690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066587/; classtype:trojan-activity;sid:83929687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066588/; classtype:trojan-activity;sid:83929688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.226.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066589/; classtype:trojan-activity;sid:83929689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.31.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066586/; classtype:trojan-activity;sid:83929686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.236.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066585/; classtype:trojan-activity;sid:83929685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066584/; classtype:trojan-activity;sid:83929684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.216.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066583/; classtype:trojan-activity;sid:83929683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.150.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066582/; classtype:trojan-activity;sid:83929682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066581/; classtype:trojan-activity;sid:83929681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.214.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066580/; classtype:trojan-activity;sid:83929680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.180.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066579/; classtype:trojan-activity;sid:83929679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.154.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066578/; classtype:trojan-activity;sid:83929678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066577/; classtype:trojan-activity;sid:83929677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.111.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066576/; classtype:trojan-activity;sid:83929676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.20.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066575/; classtype:trojan-activity;sid:83929675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.186.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066574/; classtype:trojan-activity;sid:83929674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.94.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066573/; classtype:trojan-activity;sid:83929673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066571/; classtype:trojan-activity;sid:83929671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.10.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066572/; classtype:trojan-activity;sid:83929672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.214.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066570/; classtype:trojan-activity;sid:83929670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.240.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066569/; classtype:trojan-activity;sid:83929669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066568/; classtype:trojan-activity;sid:83929668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.120.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066567/; classtype:trojan-activity;sid:83929667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.36.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066566/; classtype:trojan-activity;sid:83929666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066565/; classtype:trojan-activity;sid:83929665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066563/; classtype:trojan-activity;sid:83929663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066564/; classtype:trojan-activity;sid:83929664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.21.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066562/; classtype:trojan-activity;sid:83929662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.38.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066561/; classtype:trojan-activity;sid:83929661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.6.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066560/; classtype:trojan-activity;sid:83929660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.154.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066559/; classtype:trojan-activity;sid:83929659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.239.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066558/; classtype:trojan-activity;sid:83929658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066557/; classtype:trojan-activity;sid:83929657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066556/; classtype:trojan-activity;sid:83929656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.157.50.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066555/; classtype:trojan-activity;sid:83929655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.10.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066553/; classtype:trojan-activity;sid:83929653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066554/; classtype:trojan-activity;sid:83929654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.82.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066552/; classtype:trojan-activity;sid:83929652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066551/; classtype:trojan-activity;sid:83929651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.143.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066549/; classtype:trojan-activity;sid:83929649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.197.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066550/; classtype:trojan-activity;sid:83929650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066548/; classtype:trojan-activity;sid:83929648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.81.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066547/; classtype:trojan-activity;sid:83929647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.40.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066546/; classtype:trojan-activity;sid:83929646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.201.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066545/; classtype:trojan-activity;sid:83929645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.84.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066544/; classtype:trojan-activity;sid:83929644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.19.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066543/; classtype:trojan-activity;sid:83929643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066541/; classtype:trojan-activity;sid:83929641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.64.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066542/; classtype:trojan-activity;sid:83929642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.26.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066540/; classtype:trojan-activity;sid:83929640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.8.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066539/; classtype:trojan-activity;sid:83929639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.73.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066538/; classtype:trojan-activity;sid:83929638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.221.47.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066537/; classtype:trojan-activity;sid:83929637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.139.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066536/; classtype:trojan-activity;sid:83929636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.160.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066534/; classtype:trojan-activity;sid:83929634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.233.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066535/; classtype:trojan-activity;sid:83929635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.6.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066533/; classtype:trojan-activity;sid:83929633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.103.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066532/; classtype:trojan-activity;sid:83929632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.239.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066531/; classtype:trojan-activity;sid:83929631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.9.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066530/; classtype:trojan-activity;sid:83929630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.229.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066529/; classtype:trojan-activity;sid:83929629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.70.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066528/; classtype:trojan-activity;sid:83929628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.114.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066527/; classtype:trojan-activity;sid:83929627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.253.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066526/; classtype:trojan-activity;sid:83929626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066525/; classtype:trojan-activity;sid:83929625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.219.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066524/; classtype:trojan-activity;sid:83929624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.89.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066523/; classtype:trojan-activity;sid:83929623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.24.137.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066522/; classtype:trojan-activity;sid:83929622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.211.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066521/; classtype:trojan-activity;sid:83929621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066520/; classtype:trojan-activity;sid:83929620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066519/; classtype:trojan-activity;sid:83929619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.201.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066518/; classtype:trojan-activity;sid:83929618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.220.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066517/; classtype:trojan-activity;sid:83929617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.228.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066516/; classtype:trojan-activity;sid:83929616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.84.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066515/; classtype:trojan-activity;sid:83929615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.81.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066514/; classtype:trojan-activity;sid:83929614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066513/; classtype:trojan-activity;sid:83929613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.185.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066512/; classtype:trojan-activity;sid:83929612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.231.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066508/; classtype:trojan-activity;sid:83929608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.31.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066509/; classtype:trojan-activity;sid:83929609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.219.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066510/; classtype:trojan-activity;sid:83929610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.108.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066511/; classtype:trojan-activity;sid:83929611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066507/; classtype:trojan-activity;sid:83929607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.160.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066506/; classtype:trojan-activity;sid:83929606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.221.47.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066505/; classtype:trojan-activity;sid:83929605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.3.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066504/; classtype:trojan-activity;sid:83929604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.109.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066503/; classtype:trojan-activity;sid:83929603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.3.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066502/; classtype:trojan-activity;sid:83929602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.90.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066501/; classtype:trojan-activity;sid:83929601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.103.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066500/; classtype:trojan-activity;sid:83929600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.226.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066499/; classtype:trojan-activity;sid:83929599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.20.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066498/; classtype:trojan-activity;sid:83929598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066497/; classtype:trojan-activity;sid:83929597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.24.137.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066496/; classtype:trojan-activity;sid:83929596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.209.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066495/; classtype:trojan-activity;sid:83929595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066494/; classtype:trojan-activity;sid:83929594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.254.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066493/; classtype:trojan-activity;sid:83929593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066492/; classtype:trojan-activity;sid:83929592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.164.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066491/; classtype:trojan-activity;sid:83929591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.89.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066490/; classtype:trojan-activity;sid:83929590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.91.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066489/; classtype:trojan-activity;sid:83929589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066487/; classtype:trojan-activity;sid:83929587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.182.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066488/; classtype:trojan-activity;sid:83929588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066486/; classtype:trojan-activity;sid:83929586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.39.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066484/; classtype:trojan-activity;sid:83929584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066485/; classtype:trojan-activity;sid:83929585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.116.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066483/; classtype:trojan-activity;sid:83929583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066482/; classtype:trojan-activity;sid:83929582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066481/; classtype:trojan-activity;sid:83929581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.36.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066479/; classtype:trojan-activity;sid:83929579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.90.162.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066480/; classtype:trojan-activity;sid:83929580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.91.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066478/; classtype:trojan-activity;sid:83929578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066477/; classtype:trojan-activity;sid:83929577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066476/; classtype:trojan-activity;sid:83929576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.162.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066475/; classtype:trojan-activity;sid:83929575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.33.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066474/; classtype:trojan-activity;sid:83929574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066473/; classtype:trojan-activity;sid:83929573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.164.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066472/; classtype:trojan-activity;sid:83929572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.91.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066471/; classtype:trojan-activity;sid:83929571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.197.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066470/; classtype:trojan-activity;sid:83929570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.237.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066469/; classtype:trojan-activity;sid:83929569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.86.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066468/; classtype:trojan-activity;sid:83929568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066467/; classtype:trojan-activity;sid:83929567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.16.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066465/; classtype:trojan-activity;sid:83929565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066466/; classtype:trojan-activity;sid:83929566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.85.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066464/; classtype:trojan-activity;sid:83929564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.173.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066463/; classtype:trojan-activity;sid:83929563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.11.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066462/; classtype:trojan-activity;sid:83929562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.174.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066461/; classtype:trojan-activity;sid:83929561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.206.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066460/; classtype:trojan-activity;sid:83929560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.61.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066459/; classtype:trojan-activity;sid:83929559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.86.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066458/; classtype:trojan-activity;sid:83929558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.200.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066455/; classtype:trojan-activity;sid:83929555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066456/; classtype:trojan-activity;sid:83929556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066457/; classtype:trojan-activity;sid:83929557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.51.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066454/; classtype:trojan-activity;sid:83929554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.133.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066453/; classtype:trojan-activity;sid:83929553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066452/; classtype:trojan-activity;sid:83929552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.60.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066450/; classtype:trojan-activity;sid:83929550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.128.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066451/; classtype:trojan-activity;sid:83929551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.175.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066449/; classtype:trojan-activity;sid:83929549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.153.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066448/; classtype:trojan-activity;sid:83929548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.203.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066447/; classtype:trojan-activity;sid:83929547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.212.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066444/; classtype:trojan-activity;sid:83929544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.94.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066445/; classtype:trojan-activity;sid:83929545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.174.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066446/; classtype:trojan-activity;sid:83929546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.36.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066442/; classtype:trojan-activity;sid:83929542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.254.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066443/; classtype:trojan-activity;sid:83929543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066440/; classtype:trojan-activity;sid:83929540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066441/; classtype:trojan-activity;sid:83929541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.28.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066439/; classtype:trojan-activity;sid:83929539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.60.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066438/; classtype:trojan-activity;sid:83929538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.233.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066437/; classtype:trojan-activity;sid:83929537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.199.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066436/; classtype:trojan-activity;sid:83929536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066435/; classtype:trojan-activity;sid:83929535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066434/; classtype:trojan-activity;sid:83929534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.219.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066432/; classtype:trojan-activity;sid:83929532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066433/; classtype:trojan-activity;sid:83929533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.91.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066431/; classtype:trojan-activity;sid:83929531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.20.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066430/; classtype:trojan-activity;sid:83929530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.6.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066428/; classtype:trojan-activity;sid:83929528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.72.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066429/; classtype:trojan-activity;sid:83929529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.139.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066427/; classtype:trojan-activity;sid:83929527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.140.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066426/; classtype:trojan-activity;sid:83929526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.95.161.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066425/; classtype:trojan-activity;sid:83929525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.59.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066423/; classtype:trojan-activity;sid:83929523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.201.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066424/; classtype:trojan-activity;sid:83929524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.119.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066420/; classtype:trojan-activity;sid:83929520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.91.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066421/; classtype:trojan-activity;sid:83929521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066422)"; flow:established,from_client; content:"GET"; http_method; content:"/local/templates/main/js/jquery.maskedinput.js|3f|d=1243"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"omnicomm-ural.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066422/; classtype:trojan-activity;sid:83929522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.155.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066418/; classtype:trojan-activity;sid:83929518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066419/; classtype:trojan-activity;sid:83929519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.86.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066416/; classtype:trojan-activity;sid:83929516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.197.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066417/; classtype:trojan-activity;sid:83929517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066415/; classtype:trojan-activity;sid:83929515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.11.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066414/; classtype:trojan-activity;sid:83929514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.231.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066411/; classtype:trojan-activity;sid:83929511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.144.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066412/; classtype:trojan-activity;sid:83929512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.122.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066413/; classtype:trojan-activity;sid:83929513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.150.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066410/; classtype:trojan-activity;sid:83929510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.150.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066409/; classtype:trojan-activity;sid:83929509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.249.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066408/; classtype:trojan-activity;sid:83929508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.36.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066407/; classtype:trojan-activity;sid:83929507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066406/; classtype:trojan-activity;sid:83929506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.153.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066405/; classtype:trojan-activity;sid:83929505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066404/; classtype:trojan-activity;sid:83929504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.138.137.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066403/; classtype:trojan-activity;sid:83929503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066400/; classtype:trojan-activity;sid:83929500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066401/; classtype:trojan-activity;sid:83929501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.56.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066402/; classtype:trojan-activity;sid:83929502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.201.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066399/; classtype:trojan-activity;sid:83929499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.140.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066397/; classtype:trojan-activity;sid:83929497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066398)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoxd/mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.248.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066398/; classtype:trojan-activity;sid:83929498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066396/; classtype:trojan-activity;sid:83929496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066395/; classtype:trojan-activity;sid:83929495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.155.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066394/; classtype:trojan-activity;sid:83929494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.91.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066393/; classtype:trojan-activity;sid:83929493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066392/; classtype:trojan-activity;sid:83929492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.63.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066391/; classtype:trojan-activity;sid:83929491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.176.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066390/; classtype:trojan-activity;sid:83929490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.188.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066389/; classtype:trojan-activity;sid:83929489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.146.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066388/; classtype:trojan-activity;sid:83929488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066387/; classtype:trojan-activity;sid:83929487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.242.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066386/; classtype:trojan-activity;sid:83929486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.83.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066385/; classtype:trojan-activity;sid:83929485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.167.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066384/; classtype:trojan-activity;sid:83929484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.215.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066383/; classtype:trojan-activity;sid:83929483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.197.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066382/; classtype:trojan-activity;sid:83929482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.144.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066381/; classtype:trojan-activity;sid:83929481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.86.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066380/; classtype:trojan-activity;sid:83929480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.126.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066379/; classtype:trojan-activity;sid:83929479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.148.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066378/; classtype:trojan-activity;sid:83929478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.150.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066376/; classtype:trojan-activity;sid:83929476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066377/; classtype:trojan-activity;sid:83929477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066375/; classtype:trojan-activity;sid:83929475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066374/; classtype:trojan-activity;sid:83929474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.99.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066373/; classtype:trojan-activity;sid:83929473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.188.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066372/; classtype:trojan-activity;sid:83929472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.130.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066371/; classtype:trojan-activity;sid:83929471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.162.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066370/; classtype:trojan-activity;sid:83929470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.102.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066369/; classtype:trojan-activity;sid:83929469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.2.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066368/; classtype:trojan-activity;sid:83929468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066367/; classtype:trojan-activity;sid:83929467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066366/; classtype:trojan-activity;sid:83929466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.199.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066365/; classtype:trojan-activity;sid:83929465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.56.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066364/; classtype:trojan-activity;sid:83929464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066363/; classtype:trojan-activity;sid:83929463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066362/; classtype:trojan-activity;sid:83929462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.231.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066361/; classtype:trojan-activity;sid:83929461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.27.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066359/; classtype:trojan-activity;sid:83929459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066360/; classtype:trojan-activity;sid:83929460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.232.132.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066358/; classtype:trojan-activity;sid:83929458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.245.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066354/; classtype:trojan-activity;sid:83929454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066355/; classtype:trojan-activity;sid:83929455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.242.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066356/; classtype:trojan-activity;sid:83929456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.65.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066357/; classtype:trojan-activity;sid:83929457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.86.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066352/; classtype:trojan-activity;sid:83929452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.83.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066353/; classtype:trojan-activity;sid:83929453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066349)"; flow:established,from_client; content:"GET"; http_method; content:"/55/greatbunfeelsoftandhoney.gif"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"172.234.216.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066349/; classtype:trojan-activity;sid:83929449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066350)"; flow:established,from_client; content:"GET"; http_method; content:"/55/kbm/plangetitsbacktounderstandhowmuchgreatethingsaregoingtobegetbacktothethingshappeninggetbackinterstedthings____________sheisbeatyofgirlthingstogetback.doc"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"172.234.216.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066350/; classtype:trojan-activity;sid:83929450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066351/; classtype:trojan-activity;sid:83929451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.188.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066348/; classtype:trojan-activity;sid:83929448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.172.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066347/; classtype:trojan-activity;sid:83929447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.197.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066346/; classtype:trojan-activity;sid:83929446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066345)"; flow:established,from_client; content:"GET"; http_method; content:"/55/kbm/plangetitsbacktounderstandhowmuchgreatethingsaregoingtobegetbacktothethingshappeninggetbackinterstedthings____________sheisbeatyofgirlthingstogetback.doc"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"172.234.216.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066345/; classtype:trojan-activity;sid:83929445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066344)"; flow:established,from_client; content:"GET"; http_method; content:"/55/greatbunfeelsoftandhoney.gif"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"172.234.216.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066344/; classtype:trojan-activity;sid:83929444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066340)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/bh/simplethingstobefranksheisverybeautifulgirlevenwhichicaansethegirltogetbacktohegreattingsforme__________sheisverybeautyhotgirlsever.doc"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"104.219.239.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066340/; classtype:trojan-activity;sid:83929440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066341/; classtype:trojan-activity;sid:83929441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066342)"; flow:established,from_client; content:"GET"; http_method; content:"/54/winiti.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"104.219.239.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066342/; classtype:trojan-activity;sid:83929442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066343/; classtype:trojan-activity;sid:83929443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.248.123.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066339/; classtype:trojan-activity;sid:83929439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.137.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066338/; classtype:trojan-activity;sid:83929438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.148.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066337/; classtype:trojan-activity;sid:83929437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066336)"; flow:established,from_client; content:"GET"; http_method; content:"/81/createdgoodthingswtihmewhilealot.gif"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"185.29.9.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066336/; classtype:trojan-activity;sid:83929436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066334/; classtype:trojan-activity;sid:83929434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066335)"; flow:established,from_client; content:"GET"; http_method; content:"/81/dg/simplethingsbutsuchagreatthingstobackwithinentirethingstohappenedwithentirethingsbackwith_________simplethingsbacktounderserthings.doc"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"185.29.9.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066335/; classtype:trojan-activity;sid:83929435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.126.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066333/; classtype:trojan-activity;sid:83929433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066332/; classtype:trojan-activity;sid:83929432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.174.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066331/; classtype:trojan-activity;sid:83929431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.206.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066330/; classtype:trojan-activity;sid:83929430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.15.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066329/; classtype:trojan-activity;sid:83929429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.102.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066327/; classtype:trojan-activity;sid:83929427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.79.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066328/; classtype:trojan-activity;sid:83929428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066326/; classtype:trojan-activity;sid:83929426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.189.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066325/; classtype:trojan-activity;sid:83929425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066324/; classtype:trojan-activity;sid:83929424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066323/; classtype:trojan-activity;sid:83929423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.196.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066322/; classtype:trojan-activity;sid:83929422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066321/; classtype:trojan-activity;sid:83929421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.83.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066320/; classtype:trojan-activity;sid:83929420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.106.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066319/; classtype:trojan-activity;sid:83929419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066318/; classtype:trojan-activity;sid:83929418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.87.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066317/; classtype:trojan-activity;sid:83929417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.156.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066316/; classtype:trojan-activity;sid:83929416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066314/; classtype:trojan-activity;sid:83929414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.88.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066315/; classtype:trojan-activity;sid:83929415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.126.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066313/; classtype:trojan-activity;sid:83929413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066312/; classtype:trojan-activity;sid:83929412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066310/; classtype:trojan-activity;sid:83929410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.207.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066311/; classtype:trojan-activity;sid:83929411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066309/; classtype:trojan-activity;sid:83929409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.211.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066308/; classtype:trojan-activity;sid:83929408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.248.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066307/; classtype:trojan-activity;sid:83929407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066306/; classtype:trojan-activity;sid:83929406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.88.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066305/; classtype:trojan-activity;sid:83929405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066304)"; flow:established,from_client; content:"GET"; http_method; content:"/arpzwwipdht225.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.92.246.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066304/; classtype:trojan-activity;sid:83929404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.184.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066303/; classtype:trojan-activity;sid:83929403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066302)"; flow:established,from_client; content:"GET"; http_method; content:"/vivgjsekctb249.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cpanel-adminhost.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066302/; classtype:trojan-activity;sid:83929402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066301)"; flow:established,from_client; content:"GET"; http_method; content:"/hairdressing.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cpanel-adminhost.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066301/; classtype:trojan-activity;sid:83929401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.245.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066300/; classtype:trojan-activity;sid:83929400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066299/; classtype:trojan-activity;sid:83929399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.13.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066298/; classtype:trojan-activity;sid:83929398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.83.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066297/; classtype:trojan-activity;sid:83929397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066296/; classtype:trojan-activity;sid:83929396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066295)"; flow:established,from_client; content:"GET"; http_method; content:"/mkzzzstunslf176.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"212.162.149.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066295/; classtype:trojan-activity;sid:83929395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.248.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066292/; classtype:trojan-activity;sid:83929392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066293)"; flow:established,from_client; content:"GET"; http_method; content:"/ppiyxog190.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.162.149.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066293/; classtype:trojan-activity;sid:83929393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066294)"; flow:established,from_client; content:"GET"; http_method; content:"/mmairdbrrlrsepv214.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.162.149.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066294/; classtype:trojan-activity;sid:83929394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.220.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066291/; classtype:trojan-activity;sid:83929391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.139.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066290/; classtype:trojan-activity;sid:83929390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.37.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066289/; classtype:trojan-activity;sid:83929389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066287/; classtype:trojan-activity;sid:83929387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.4.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066288/; classtype:trojan-activity;sid:83929388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.247.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066286/; classtype:trojan-activity;sid:83929386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066285/; classtype:trojan-activity;sid:83929385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066284/; classtype:trojan-activity;sid:83929384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.128.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066283/; classtype:trojan-activity;sid:83929383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066282/; classtype:trojan-activity;sid:83929382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066281/; classtype:trojan-activity;sid:83929381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066278/; classtype:trojan-activity;sid:83929378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.124.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066279/; classtype:trojan-activity;sid:83929379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.45.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066280/; classtype:trojan-activity;sid:83929380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066274/; classtype:trojan-activity;sid:83929374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.7.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066275/; classtype:trojan-activity;sid:83929375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.234.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066276/; classtype:trojan-activity;sid:83929376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066277/; classtype:trojan-activity;sid:83929377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.138.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066273/; classtype:trojan-activity;sid:83929373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.211.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066272/; classtype:trojan-activity;sid:83929372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.220.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066271/; classtype:trojan-activity;sid:83929371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066270/; classtype:trojan-activity;sid:83929370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.240.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066269/; classtype:trojan-activity;sid:83929369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.104.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066268/; classtype:trojan-activity;sid:83929368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.184.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066267/; classtype:trojan-activity;sid:83929367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.224.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066265/; classtype:trojan-activity;sid:83929365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.13.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066266/; classtype:trojan-activity;sid:83929366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.106.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066264/; classtype:trojan-activity;sid:83929364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.112.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066263/; classtype:trojan-activity;sid:83929363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.176.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066262/; classtype:trojan-activity;sid:83929362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066261/; classtype:trojan-activity;sid:83929361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.37.40.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066260/; classtype:trojan-activity;sid:83929360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.62.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066259/; classtype:trojan-activity;sid:83929359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066258/; classtype:trojan-activity;sid:83929358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066257/; classtype:trojan-activity;sid:83929357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066256/; classtype:trojan-activity;sid:83929356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066255/; classtype:trojan-activity;sid:83929355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066253/; classtype:trojan-activity;sid:83929353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.28.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066254/; classtype:trojan-activity;sid:83929354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.54.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066252/; classtype:trojan-activity;sid:83929352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.58.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066251/; classtype:trojan-activity;sid:83929351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.237.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066250/; classtype:trojan-activity;sid:83929350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066249/; classtype:trojan-activity;sid:83929349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.60.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066248/; classtype:trojan-activity;sid:83929348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.91.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066247/; classtype:trojan-activity;sid:83929347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.12.13.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066246/; classtype:trojan-activity;sid:83929346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066243)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.x68"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.117.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066243/; classtype:trojan-activity;sid:83929343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066244)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066244/; classtype:trojan-activity;sid:83929344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066245)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066245/; classtype:trojan-activity;sid:83929345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066240)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv7l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.117.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066240/; classtype:trojan-activity;sid:83929340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066241)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.69.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066241/; classtype:trojan-activity;sid:83929341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066242)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.117.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066242/; classtype:trojan-activity;sid:83929342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066233/; classtype:trojan-activity;sid:83929333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066234)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.117.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066234/; classtype:trojan-activity;sid:83929334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066235)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.117.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066235/; classtype:trojan-activity;sid:83929335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066236)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.117.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066236/; classtype:trojan-activity;sid:83929336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066237)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv4l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.117.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066237/; classtype:trojan-activity;sid:83929337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066238)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv6l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.117.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066238/; classtype:trojan-activity;sid:83929338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066239)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv5l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.117.3.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066239/; classtype:trojan-activity;sid:83929339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066232)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/zbqs6n2km8t0rlotua5l6/cheatrun_u.zip|3f|rlkey=ha6cslkjll8ov6exhi5lw8sxb|7c|26|7c|st=5wmi12d1|7c|26|7c|dl=0"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"www.dl.dropboxusercontent.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066232/; classtype:trojan-activity;sid:83929332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066231)"; flow:established,from_client; content:"GET"; http_method; content:"/media/favicon/default/dr/sorrisadr.png"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"248.215.70.34.bc.googleusercontent.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066231/; classtype:trojan-activity;sid:83929331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066230)"; flow:established,from_client; content:"GET"; http_method; content:"/media/favicon/default/tj/01u8ccd.png"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"248.215.70.34.bc.googleusercontent.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066230/; classtype:trojan-activity;sid:83929330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066227)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.51.126.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066227/; classtype:trojan-activity;sid:83929327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.231.44.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066228/; classtype:trojan-activity;sid:83929328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066229)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.51.126.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066229/; classtype:trojan-activity;sid:83929329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066223)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/hz30cg0nd0am0km/dr_fone_setup_2024.rar/file"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066223/; classtype:trojan-activity;sid:83929323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066224)"; flow:established,from_client; content:"GET"; http_method; content:"/1/xmrig-6.20.0-linux-x64/xmrig-6.20.0/xmrig"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"162.248.247.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066224/; classtype:trojan-activity;sid:83929324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.231.44.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066225/; classtype:trojan-activity;sid:83929325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066226)"; flow:established,from_client; content:"GET"; http_method; content:"/2/lolminer_v1.76_lin64/1.76/lolminer"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"162.248.247.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066226/; classtype:trojan-activity;sid:83929326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.192.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066222/; classtype:trojan-activity;sid:83929322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066221)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/x0u5x5hh4t6zaq6/ccleaner_lates_uptated.rar/file"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066221/; classtype:trojan-activity;sid:83929321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066219/; classtype:trojan-activity;sid:83929319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066220/; classtype:trojan-activity;sid:83929320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.128.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066218/; classtype:trojan-activity;sid:83929318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.20.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066217/; classtype:trojan-activity;sid:83929317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066216/; classtype:trojan-activity;sid:83929316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.46.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066215/; classtype:trojan-activity;sid:83929315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066214/; classtype:trojan-activity;sid:83929314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.248.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066213/; classtype:trojan-activity;sid:83929313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.47.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066212/; classtype:trojan-activity;sid:83929312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.68.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066211/; classtype:trojan-activity;sid:83929311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.240.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066210/; classtype:trojan-activity;sid:83929310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.202.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066209/; classtype:trojan-activity;sid:83929309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.21.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066208/; classtype:trojan-activity;sid:83929308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.229.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066207/; classtype:trojan-activity;sid:83929307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.104.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066206/; classtype:trojan-activity;sid:83929306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066205/; classtype:trojan-activity;sid:83929305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.37.40.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066204/; classtype:trojan-activity;sid:83929304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.60.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066203/; classtype:trojan-activity;sid:83929303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.143.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066202/; classtype:trojan-activity;sid:83929302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066201/; classtype:trojan-activity;sid:83929301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.69.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066200/; classtype:trojan-activity;sid:83929300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.211.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066199/; classtype:trojan-activity;sid:83929299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.249.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066198/; classtype:trojan-activity;sid:83929298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.109.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066197/; classtype:trojan-activity;sid:83929297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.44.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066196/; classtype:trojan-activity;sid:83929296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066195/; classtype:trojan-activity;sid:83929295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.58.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066194/; classtype:trojan-activity;sid:83929294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.63.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066193/; classtype:trojan-activity;sid:83929293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.28.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066192/; classtype:trojan-activity;sid:83929292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.237.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066191/; classtype:trojan-activity;sid:83929291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066190/; classtype:trojan-activity;sid:83929290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066189/; classtype:trojan-activity;sid:83929289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066188/; classtype:trojan-activity;sid:83929288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.79.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066187/; classtype:trojan-activity;sid:83929287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066186/; classtype:trojan-activity;sid:83929286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.189.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066185/; classtype:trojan-activity;sid:83929285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.211.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066183/; classtype:trojan-activity;sid:83929283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066184/; classtype:trojan-activity;sid:83929284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.248.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066180/; classtype:trojan-activity;sid:83929280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.79.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066181/; classtype:trojan-activity;sid:83929281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.182.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066182/; classtype:trojan-activity;sid:83929282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066179/; classtype:trojan-activity;sid:83929279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.154.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066178/; classtype:trojan-activity;sid:83929278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.146.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066177/; classtype:trojan-activity;sid:83929277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066176/; classtype:trojan-activity;sid:83929276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.106.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066174/; classtype:trojan-activity;sid:83929274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.52.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066175/; classtype:trojan-activity;sid:83929275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066173/; classtype:trojan-activity;sid:83929273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.193.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066172/; classtype:trojan-activity;sid:83929272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.220.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066171/; classtype:trojan-activity;sid:83929271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.231.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066169/; classtype:trojan-activity;sid:83929269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.177.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066170/; classtype:trojan-activity;sid:83929270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.229.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066168/; classtype:trojan-activity;sid:83929268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.69.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066167/; classtype:trojan-activity;sid:83929267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.160.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066166/; classtype:trojan-activity;sid:83929266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066165/; classtype:trojan-activity;sid:83929265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.223.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066164/; classtype:trojan-activity;sid:83929264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.109.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066162/; classtype:trojan-activity;sid:83929262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066163/; classtype:trojan-activity;sid:83929263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.109.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066161/; classtype:trojan-activity;sid:83929261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066160/; classtype:trojan-activity;sid:83929260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.96.107"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066159/; classtype:trojan-activity;sid:83929259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.217.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066158/; classtype:trojan-activity;sid:83929258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.159.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066157/; classtype:trojan-activity;sid:83929257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.165.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066155/; classtype:trojan-activity;sid:83929255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066156/; classtype:trojan-activity;sid:83929256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.76.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066153/; classtype:trojan-activity;sid:83929253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.214.111.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066154/; classtype:trojan-activity;sid:83929254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.63.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066152/; classtype:trojan-activity;sid:83929252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.114.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066150/; classtype:trojan-activity;sid:83929250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.44.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066151/; classtype:trojan-activity;sid:83929251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066149/; classtype:trojan-activity;sid:83929249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.96.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066148/; classtype:trojan-activity;sid:83929248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.63.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066147/; classtype:trojan-activity;sid:83929247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066146/; classtype:trojan-activity;sid:83929246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.189.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066145/; classtype:trojan-activity;sid:83929245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.244.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066144/; classtype:trojan-activity;sid:83929244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.177.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066143/; classtype:trojan-activity;sid:83929243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.211.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066142/; classtype:trojan-activity;sid:83929242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.141.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066141/; classtype:trojan-activity;sid:83929241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066140/; classtype:trojan-activity;sid:83929240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.93.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066139/; classtype:trojan-activity;sid:83929239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066138/; classtype:trojan-activity;sid:83929238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.210.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066136/; classtype:trojan-activity;sid:83929236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.138.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066137/; classtype:trojan-activity;sid:83929237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.2.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066135/; classtype:trojan-activity;sid:83929235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.69.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066134/; classtype:trojan-activity;sid:83929234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.249.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066133/; classtype:trojan-activity;sid:83929233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.187.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066131/; classtype:trojan-activity;sid:83929231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.18.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066132/; classtype:trojan-activity;sid:83929232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066130/; classtype:trojan-activity;sid:83929230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.160.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066129/; classtype:trojan-activity;sid:83929229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.46.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066128/; classtype:trojan-activity;sid:83929228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.77.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066127/; classtype:trojan-activity;sid:83929227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.78.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066126/; classtype:trojan-activity;sid:83929226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.95.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066125/; classtype:trojan-activity;sid:83929225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066124/; classtype:trojan-activity;sid:83929224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.221.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066123/; classtype:trojan-activity;sid:83929223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.76.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066121/; classtype:trojan-activity;sid:83929221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.114.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066122/; classtype:trojan-activity;sid:83929222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.214.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066120/; classtype:trojan-activity;sid:83929220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.86.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066119/; classtype:trojan-activity;sid:83929219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.89.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066118/; classtype:trojan-activity;sid:83929218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.63.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066116/; classtype:trojan-activity;sid:83929216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.224.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066117/; classtype:trojan-activity;sid:83929217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.30.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066115/; classtype:trojan-activity;sid:83929215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066114/; classtype:trojan-activity;sid:83929214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066113/; classtype:trojan-activity;sid:83929213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.129.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066111/; classtype:trojan-activity;sid:83929211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066112/; classtype:trojan-activity;sid:83929212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.144.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066110/; classtype:trojan-activity;sid:83929210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066109/; classtype:trojan-activity;sid:83929209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066108/; classtype:trojan-activity;sid:83929208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.76.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066107/; classtype:trojan-activity;sid:83929207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.91.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066106/; classtype:trojan-activity;sid:83929206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.77.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066105/; classtype:trojan-activity;sid:83929205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.141.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066104/; classtype:trojan-activity;sid:83929204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.79.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066103/; classtype:trojan-activity;sid:83929203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.93.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066102/; classtype:trojan-activity;sid:83929202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066101/; classtype:trojan-activity;sid:83929201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.251.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066100/; classtype:trojan-activity;sid:83929200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.39.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066099/; classtype:trojan-activity;sid:83929199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.240.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066098/; classtype:trojan-activity;sid:83929198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066097)"; flow:established,from_client; content:"GET"; http_method; content:"/55/winiti.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.46.174.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066097/; classtype:trojan-activity;sid:83929197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.232.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066096/; classtype:trojan-activity;sid:83929196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.220.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066095/; classtype:trojan-activity;sid:83929195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.217.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066094/; classtype:trojan-activity;sid:83929194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066093/; classtype:trojan-activity;sid:83929193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.62.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066092/; classtype:trojan-activity;sid:83929192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066091/; classtype:trojan-activity;sid:83929191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066089/; classtype:trojan-activity;sid:83929189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.251.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066090/; classtype:trojan-activity;sid:83929190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.219.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066088/; classtype:trojan-activity;sid:83929188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.127.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066087/; classtype:trojan-activity;sid:83929187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.30.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066085/; classtype:trojan-activity;sid:83929185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.179.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066086/; classtype:trojan-activity;sid:83929186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.77.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066084/; classtype:trojan-activity;sid:83929184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.224.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066083/; classtype:trojan-activity;sid:83929183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.144.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066082/; classtype:trojan-activity;sid:83929182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.41.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066081/; classtype:trojan-activity;sid:83929181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.87.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066080/; classtype:trojan-activity;sid:83929180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.254.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066079/; classtype:trojan-activity;sid:83929179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066078/; classtype:trojan-activity;sid:83929178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.50.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066076/; classtype:trojan-activity;sid:83929176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066077/; classtype:trojan-activity;sid:83929177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.186.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066074/; classtype:trojan-activity;sid:83929174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.190.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066075/; classtype:trojan-activity;sid:83929175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.210.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066073/; classtype:trojan-activity;sid:83929173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066072/; classtype:trojan-activity;sid:83929172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.76.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066071/; classtype:trojan-activity;sid:83929171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066070/; classtype:trojan-activity;sid:83929170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.174.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066069/; classtype:trojan-activity;sid:83929169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.13.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066067/; classtype:trojan-activity;sid:83929167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066068/; classtype:trojan-activity;sid:83929168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.91.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066066/; classtype:trojan-activity;sid:83929166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066065/; classtype:trojan-activity;sid:83929165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.6.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066064/; classtype:trojan-activity;sid:83929164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.35.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066062/; classtype:trojan-activity;sid:83929162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.137.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066063/; classtype:trojan-activity;sid:83929163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.188.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066061/; classtype:trojan-activity;sid:83929161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.208.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066060/; classtype:trojan-activity;sid:83929160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.71.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066059/; classtype:trojan-activity;sid:83929159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.79.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066058/; classtype:trojan-activity;sid:83929158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.248.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066057/; classtype:trojan-activity;sid:83929157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066056/; classtype:trojan-activity;sid:83929156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.132.36.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066055/; classtype:trojan-activity;sid:83929155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.211.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066054/; classtype:trojan-activity;sid:83929154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066053/; classtype:trojan-activity;sid:83929153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.136.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066052/; classtype:trojan-activity;sid:83929152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.228.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066051/; classtype:trojan-activity;sid:83929151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.219.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066050/; classtype:trojan-activity;sid:83929150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.41.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066049/; classtype:trojan-activity;sid:83929149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066048/; classtype:trojan-activity;sid:83929148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.244.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066047/; classtype:trojan-activity;sid:83929147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.127.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066046/; classtype:trojan-activity;sid:83929146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066045/; classtype:trojan-activity;sid:83929145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.41.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066044/; classtype:trojan-activity;sid:83929144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.120.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066043/; classtype:trojan-activity;sid:83929143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.190.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066042/; classtype:trojan-activity;sid:83929142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066041/; classtype:trojan-activity;sid:83929141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.5.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066039/; classtype:trojan-activity;sid:83929139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.37.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066040/; classtype:trojan-activity;sid:83929140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.174.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066038/; classtype:trojan-activity;sid:83929138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.54.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066037/; classtype:trojan-activity;sid:83929137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066036/; classtype:trojan-activity;sid:83929136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.210.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066035/; classtype:trojan-activity;sid:83929135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.101.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066032/; classtype:trojan-activity;sid:83929132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066033)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.83.207.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066033/; classtype:trojan-activity;sid:83929133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.182.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066034/; classtype:trojan-activity;sid:83929134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.52.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066031/; classtype:trojan-activity;sid:83929131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.186.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066030/; classtype:trojan-activity;sid:83929130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066029/; classtype:trojan-activity;sid:83929129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.179.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066028/; classtype:trojan-activity;sid:83929128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066026/; classtype:trojan-activity;sid:83929126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.255.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066027/; classtype:trojan-activity;sid:83929127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.139.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066025/; classtype:trojan-activity;sid:83929125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.137.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066023/; classtype:trojan-activity;sid:83929123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066024/; classtype:trojan-activity;sid:83929124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.35.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066022/; classtype:trojan-activity;sid:83929122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.102.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066021/; classtype:trojan-activity;sid:83929121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066020/; classtype:trojan-activity;sid:83929120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.188.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066019/; classtype:trojan-activity;sid:83929119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066018/; classtype:trojan-activity;sid:83929118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.250.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066017/; classtype:trojan-activity;sid:83929117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.80.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066016/; classtype:trojan-activity;sid:83929116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.246.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066015/; classtype:trojan-activity;sid:83929115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066014/; classtype:trojan-activity;sid:83929114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.81.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066012/; classtype:trojan-activity;sid:83929112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.221.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066013/; classtype:trojan-activity;sid:83929113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066011/; classtype:trojan-activity;sid:83929111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.89.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066009/; classtype:trojan-activity;sid:83929109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.107.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066010/; classtype:trojan-activity;sid:83929110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.28.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066008/; classtype:trojan-activity;sid:83929108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066007/; classtype:trojan-activity;sid:83929107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.139.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066006/; classtype:trojan-activity;sid:83929106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.70.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066005/; classtype:trojan-activity;sid:83929105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.36.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066004/; classtype:trojan-activity;sid:83929104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.5.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066003/; classtype:trojan-activity;sid:83929103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.49.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066002/; classtype:trojan-activity;sid:83929102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.56.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066001/; classtype:trojan-activity;sid:83929101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3066000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.54.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3066000/; classtype:trojan-activity;sid:83929100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.68.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065999/; classtype:trojan-activity;sid:83929099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065998/; classtype:trojan-activity;sid:83929098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.40.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065996/; classtype:trojan-activity;sid:83929096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.182.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065997/; classtype:trojan-activity;sid:83929097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.159.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065993/; classtype:trojan-activity;sid:83929093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065994/; classtype:trojan-activity;sid:83929094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.52.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065995/; classtype:trojan-activity;sid:83929095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.141.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065992/; classtype:trojan-activity;sid:83929092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.69.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065991/; classtype:trojan-activity;sid:83929091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.190.136.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065990/; classtype:trojan-activity;sid:83929090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065989)"; flow:established,from_client; content:"GET"; http_method; content:"/blink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.90.22.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065989/; classtype:trojan-activity;sid:83929089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.140.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065988/; classtype:trojan-activity;sid:83929088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.183.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065987/; classtype:trojan-activity;sid:83929087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.44.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065986/; classtype:trojan-activity;sid:83929086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.193.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065985/; classtype:trojan-activity;sid:83929085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.51.20.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065984/; classtype:trojan-activity;sid:83929084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.207.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065983/; classtype:trojan-activity;sid:83929083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.74.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065980/; classtype:trojan-activity;sid:83929080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.182.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065981/; classtype:trojan-activity;sid:83929081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.131.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065982/; classtype:trojan-activity;sid:83929082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.134.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065979/; classtype:trojan-activity;sid:83929079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.51.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065978/; classtype:trojan-activity;sid:83929078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.151.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065977/; classtype:trojan-activity;sid:83929077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.246.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065976/; classtype:trojan-activity;sid:83929076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.141.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065975/; classtype:trojan-activity;sid:83929075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.68.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065974/; classtype:trojan-activity;sid:83929074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065973/; classtype:trojan-activity;sid:83929073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.36.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065972/; classtype:trojan-activity;sid:83929072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.47.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065971/; classtype:trojan-activity;sid:83929071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.70.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065970/; classtype:trojan-activity;sid:83929070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.36.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065969/; classtype:trojan-activity;sid:83929069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065968/; classtype:trojan-activity;sid:83929068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065967/; classtype:trojan-activity;sid:83929067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.131.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065966/; classtype:trojan-activity;sid:83929066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.182.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065965/; classtype:trojan-activity;sid:83929065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065964/; classtype:trojan-activity;sid:83929064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.180.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065963/; classtype:trojan-activity;sid:83929063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.230.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065962/; classtype:trojan-activity;sid:83929062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.10.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065961/; classtype:trojan-activity;sid:83929061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.56.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065960/; classtype:trojan-activity;sid:83929060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.171.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065959/; classtype:trojan-activity;sid:83929059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.225.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065958/; classtype:trojan-activity;sid:83929058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065957/; classtype:trojan-activity;sid:83929057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.165.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065956/; classtype:trojan-activity;sid:83929056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.100.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065955/; classtype:trojan-activity;sid:83929055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.107.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065954/; classtype:trojan-activity;sid:83929054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.140.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065953/; classtype:trojan-activity;sid:83929053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065952/; classtype:trojan-activity;sid:83929052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.121.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065951/; classtype:trojan-activity;sid:83929051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.85.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065950/; classtype:trojan-activity;sid:83929050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.175.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065949/; classtype:trojan-activity;sid:83929049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065948/; classtype:trojan-activity;sid:83929048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.145.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065947/; classtype:trojan-activity;sid:83929047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065945/; classtype:trojan-activity;sid:83929045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065946/; classtype:trojan-activity;sid:83929046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.255.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065943/; classtype:trojan-activity;sid:83929043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.126.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065944/; classtype:trojan-activity;sid:83929044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.16.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065942/; classtype:trojan-activity;sid:83929042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.44.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065941/; classtype:trojan-activity;sid:83929041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.74.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065940/; classtype:trojan-activity;sid:83929040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.193.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065939/; classtype:trojan-activity;sid:83929039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.182.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065938/; classtype:trojan-activity;sid:83929038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.51.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065937/; classtype:trojan-activity;sid:83929037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.41.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065936/; classtype:trojan-activity;sid:83929036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.86.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065935/; classtype:trojan-activity;sid:83929035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.35.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065934/; classtype:trojan-activity;sid:83929034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.42.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065932/; classtype:trojan-activity;sid:83929032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.179.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065933/; classtype:trojan-activity;sid:83929033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.123.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065931/; classtype:trojan-activity;sid:83929031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065930/; classtype:trojan-activity;sid:83929030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.193.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065929/; classtype:trojan-activity;sid:83929029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065928/; classtype:trojan-activity;sid:83929028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.189.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065926/; classtype:trojan-activity;sid:83929026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.165.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065927/; classtype:trojan-activity;sid:83929027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.36.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065925/; classtype:trojan-activity;sid:83929025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065923/; classtype:trojan-activity;sid:83929023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.207.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065924/; classtype:trojan-activity;sid:83929024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065922/; classtype:trojan-activity;sid:83929022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065921/; classtype:trojan-activity;sid:83929021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.213.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065919/; classtype:trojan-activity;sid:83929019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.90.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065920/; classtype:trojan-activity;sid:83929020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.10.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065918/; classtype:trojan-activity;sid:83929018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.124.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065917/; classtype:trojan-activity;sid:83929017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065916/; classtype:trojan-activity;sid:83929016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065915/; classtype:trojan-activity;sid:83929015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065914/; classtype:trojan-activity;sid:83929014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.175.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065913/; classtype:trojan-activity;sid:83929013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.23.151.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065912/; classtype:trojan-activity;sid:83929012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.145.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065911/; classtype:trojan-activity;sid:83929011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.181.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065910/; classtype:trojan-activity;sid:83929010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.159.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065908/; classtype:trojan-activity;sid:83929008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065909/; classtype:trojan-activity;sid:83929009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.140.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065907/; classtype:trojan-activity;sid:83929007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065906/; classtype:trojan-activity;sid:83929006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.81.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065905/; classtype:trojan-activity;sid:83929005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.161.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065904/; classtype:trojan-activity;sid:83929004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065903/; classtype:trojan-activity;sid:83929003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065901/; classtype:trojan-activity;sid:83929001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.190.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065902/; classtype:trojan-activity;sid:83929002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.246.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065900/; classtype:trojan-activity;sid:83929000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.91.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065899/; classtype:trojan-activity;sid:83928999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.251.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065898/; classtype:trojan-activity;sid:83928998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.244.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065896/; classtype:trojan-activity;sid:83928996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.69.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065897/; classtype:trojan-activity;sid:83928997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.113.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065895/; classtype:trojan-activity;sid:83928995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.86.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065894/; classtype:trojan-activity;sid:83928994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065893/; classtype:trojan-activity;sid:83928993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.45.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065892/; classtype:trojan-activity;sid:83928992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.182.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065891/; classtype:trojan-activity;sid:83928991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.90.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065889/; classtype:trojan-activity;sid:83928989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065890/; classtype:trojan-activity;sid:83928990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.57.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065888/; classtype:trojan-activity;sid:83928988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.57.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065887/; classtype:trojan-activity;sid:83928987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065885/; classtype:trojan-activity;sid:83928985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.244.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065886/; classtype:trojan-activity;sid:83928986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.49.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065884/; classtype:trojan-activity;sid:83928984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065883/; classtype:trojan-activity;sid:83928983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.181.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065882/; classtype:trojan-activity;sid:83928982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.89.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065881/; classtype:trojan-activity;sid:83928981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.72.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065880/; classtype:trojan-activity;sid:83928980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.222.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065879/; classtype:trojan-activity;sid:83928979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.41.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065878/; classtype:trojan-activity;sid:83928978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.4.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065877/; classtype:trojan-activity;sid:83928977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065876/; classtype:trojan-activity;sid:83928976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.89.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065875/; classtype:trojan-activity;sid:83928975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065874/; classtype:trojan-activity;sid:83928974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.145.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065873/; classtype:trojan-activity;sid:83928973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.81.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065872/; classtype:trojan-activity;sid:83928972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.254.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065871/; classtype:trojan-activity;sid:83928971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065870/; classtype:trojan-activity;sid:83928970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.246.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065869/; classtype:trojan-activity;sid:83928969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.245.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065868/; classtype:trojan-activity;sid:83928968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.221.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065867/; classtype:trojan-activity;sid:83928967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065866/; classtype:trojan-activity;sid:83928966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.10.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065865/; classtype:trojan-activity;sid:83928965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065864/; classtype:trojan-activity;sid:83928964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065863/; classtype:trojan-activity;sid:83928963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.57.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065861/; classtype:trojan-activity;sid:83928961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065862/; classtype:trojan-activity;sid:83928962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.37.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065859/; classtype:trojan-activity;sid:83928959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.165.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065860/; classtype:trojan-activity;sid:83928960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.209.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065858/; classtype:trojan-activity;sid:83928958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.49.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065857/; classtype:trojan-activity;sid:83928957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.245.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065856/; classtype:trojan-activity;sid:83928956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065854/; classtype:trojan-activity;sid:83928954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.81.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065855/; classtype:trojan-activity;sid:83928955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.2.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065853/; classtype:trojan-activity;sid:83928953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065852/; classtype:trojan-activity;sid:83928952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.37.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065851/; classtype:trojan-activity;sid:83928951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065850/; classtype:trojan-activity;sid:83928950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.145.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065849/; classtype:trojan-activity;sid:83928949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065848/; classtype:trojan-activity;sid:83928948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.51.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065847/; classtype:trojan-activity;sid:83928947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.45.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065846/; classtype:trojan-activity;sid:83928946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065845/; classtype:trojan-activity;sid:83928945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.26.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065844/; classtype:trojan-activity;sid:83928944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065843/; classtype:trojan-activity;sid:83928943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.254.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065842/; classtype:trojan-activity;sid:83928942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.65.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065841/; classtype:trojan-activity;sid:83928941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.53.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065840/; classtype:trojan-activity;sid:83928940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.57.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065839/; classtype:trojan-activity;sid:83928939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.7.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065838/; classtype:trojan-activity;sid:83928938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065837/; classtype:trojan-activity;sid:83928937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.142.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065836/; classtype:trojan-activity;sid:83928936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.144.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065835/; classtype:trojan-activity;sid:83928935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.209.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065834/; classtype:trojan-activity;sid:83928934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065833/; classtype:trojan-activity;sid:83928933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.228.0.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065832/; classtype:trojan-activity;sid:83928932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065831)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xdfds.loyalty.hienphucuanhanloai.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065831/; classtype:trojan-activity;sid:83928931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.74.18.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065830/; classtype:trojan-activity;sid:83928930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.9.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065829/; classtype:trojan-activity;sid:83928929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.215.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065828/; classtype:trojan-activity;sid:83928928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.2.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065826/; classtype:trojan-activity;sid:83928926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.90.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065827/; classtype:trojan-activity;sid:83928927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065825/; classtype:trojan-activity;sid:83928925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.200.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065824/; classtype:trojan-activity;sid:83928924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065823/; classtype:trojan-activity;sid:83928923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065822/; classtype:trojan-activity;sid:83928922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065821/; classtype:trojan-activity;sid:83928921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065820/; classtype:trojan-activity;sid:83928920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065819/; classtype:trojan-activity;sid:83928919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.232.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065818/; classtype:trojan-activity;sid:83928918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065817/; classtype:trojan-activity;sid:83928917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.110.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065816/; classtype:trojan-activity;sid:83928916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.7.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065815/; classtype:trojan-activity;sid:83928915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.85.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065814/; classtype:trojan-activity;sid:83928914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.249.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065813/; classtype:trojan-activity;sid:83928913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065812/; classtype:trojan-activity;sid:83928912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.219.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065811/; classtype:trojan-activity;sid:83928911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.243.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065810/; classtype:trojan-activity;sid:83928910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.171.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065809/; classtype:trojan-activity;sid:83928909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.27.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065808/; classtype:trojan-activity;sid:83928908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.77.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065807/; classtype:trojan-activity;sid:83928907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.136.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065806/; classtype:trojan-activity;sid:83928906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.18.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065805/; classtype:trojan-activity;sid:83928905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.7.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065804/; classtype:trojan-activity;sid:83928904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065803/; classtype:trojan-activity;sid:83928903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.247.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065801/; classtype:trojan-activity;sid:83928901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.83.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065802/; classtype:trojan-activity;sid:83928902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.162.48.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065799/; classtype:trojan-activity;sid:83928899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.246.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065800/; classtype:trojan-activity;sid:83928900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.218.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065798/; classtype:trojan-activity;sid:83928898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.83.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065797/; classtype:trojan-activity;sid:83928897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065796/; classtype:trojan-activity;sid:83928896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.249.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065795/; classtype:trojan-activity;sid:83928895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.101.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065794/; classtype:trojan-activity;sid:83928894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.112.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065793/; classtype:trojan-activity;sid:83928893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.195.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065792/; classtype:trojan-activity;sid:83928892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065791/; classtype:trojan-activity;sid:83928891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.104.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065790/; classtype:trojan-activity;sid:83928890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.170.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065789/; classtype:trojan-activity;sid:83928889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.202.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065787/; classtype:trojan-activity;sid:83928887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.26.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065788/; classtype:trojan-activity;sid:83928888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065786)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"poka.award.vuheritagefoundation.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065786/; classtype:trojan-activity;sid:83928886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.247.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065785/; classtype:trojan-activity;sid:83928885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.12.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065784/; classtype:trojan-activity;sid:83928884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.215.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065783/; classtype:trojan-activity;sid:83928883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.2.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065781/; classtype:trojan-activity;sid:83928881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065782/; classtype:trojan-activity;sid:83928882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.21.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065780/; classtype:trojan-activity;sid:83928880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.136.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065779/; classtype:trojan-activity;sid:83928879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065778/; classtype:trojan-activity;sid:83928878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.25.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065777/; classtype:trojan-activity;sid:83928877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065776/; classtype:trojan-activity;sid:83928876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.170.201.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065775/; classtype:trojan-activity;sid:83928875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.56.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065774/; classtype:trojan-activity;sid:83928874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.25.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065773/; classtype:trojan-activity;sid:83928873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.234.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065772/; classtype:trojan-activity;sid:83928872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.132.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065768/; classtype:trojan-activity;sid:83928868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065769/; classtype:trojan-activity;sid:83928869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065770/; classtype:trojan-activity;sid:83928870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065771/; classtype:trojan-activity;sid:83928871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.218"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065767/; classtype:trojan-activity;sid:83928867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.193.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065766/; classtype:trojan-activity;sid:83928866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065765/; classtype:trojan-activity;sid:83928865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3065764/; classtype:trojan-activity;sid:83928864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.53.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065763/; classtype:trojan-activity;sid:83928863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.180.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065762/; classtype:trojan-activity;sid:83928862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.206.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065760/; classtype:trojan-activity;sid:83928860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065761/; classtype:trojan-activity;sid:83928861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.113.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065759/; classtype:trojan-activity;sid:83928859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065758/; classtype:trojan-activity;sid:83928858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.22.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065757/; classtype:trojan-activity;sid:83928857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.125.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065756/; classtype:trojan-activity;sid:83928856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.215.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065755/; classtype:trojan-activity;sid:83928855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.153.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065754/; classtype:trojan-activity;sid:83928854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065753/; classtype:trojan-activity;sid:83928853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.186.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065752/; classtype:trojan-activity;sid:83928852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065751/; classtype:trojan-activity;sid:83928851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.139.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065749/; classtype:trojan-activity;sid:83928849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.193.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065750/; classtype:trojan-activity;sid:83928850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.90.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065748/; classtype:trojan-activity;sid:83928848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.189.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065747/; classtype:trojan-activity;sid:83928847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.165.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065743/; classtype:trojan-activity;sid:83928843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065744/; classtype:trojan-activity;sid:83928844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065745/; classtype:trojan-activity;sid:83928845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065746/; classtype:trojan-activity;sid:83928846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.19.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065742/; classtype:trojan-activity;sid:83928842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.158.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065741/; classtype:trojan-activity;sid:83928841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.231.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065740/; classtype:trojan-activity;sid:83928840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.12.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065739/; classtype:trojan-activity;sid:83928839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.118.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065738/; classtype:trojan-activity;sid:83928838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.5.33.126"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065737/; classtype:trojan-activity;sid:83928837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.112.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065736/; classtype:trojan-activity;sid:83928836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.59.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065735/; classtype:trojan-activity;sid:83928835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.66.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065734/; classtype:trojan-activity;sid:83928834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.233.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065733/; classtype:trojan-activity;sid:83928833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.34.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065732/; classtype:trojan-activity;sid:83928832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.22.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065731/; classtype:trojan-activity;sid:83928831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.90.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065730/; classtype:trojan-activity;sid:83928830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.66.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065729/; classtype:trojan-activity;sid:83928829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.36.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065728/; classtype:trojan-activity;sid:83928828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.11.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065727/; classtype:trojan-activity;sid:83928827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.196.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065726/; classtype:trojan-activity;sid:83928826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065725/; classtype:trojan-activity;sid:83928825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065722/; classtype:trojan-activity;sid:83928822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.125.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065723/; classtype:trojan-activity;sid:83928823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.230.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065724/; classtype:trojan-activity;sid:83928824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.43.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065721/; classtype:trojan-activity;sid:83928821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.158.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065720/; classtype:trojan-activity;sid:83928820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.65.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065719/; classtype:trojan-activity;sid:83928819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.106.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065718/; classtype:trojan-activity;sid:83928818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065717/; classtype:trojan-activity;sid:83928817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.95.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065716/; classtype:trojan-activity;sid:83928816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.109.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065715/; classtype:trojan-activity;sid:83928815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065714/; classtype:trojan-activity;sid:83928814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065713/; classtype:trojan-activity;sid:83928813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.172.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065712/; classtype:trojan-activity;sid:83928812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.194.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065711/; classtype:trojan-activity;sid:83928811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.185.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065710/; classtype:trojan-activity;sid:83928810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.233.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065709/; classtype:trojan-activity;sid:83928809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065708/; classtype:trojan-activity;sid:83928808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.80.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065707/; classtype:trojan-activity;sid:83928807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.59.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065706/; classtype:trojan-activity;sid:83928806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.73.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065705/; classtype:trojan-activity;sid:83928805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065704/; classtype:trojan-activity;sid:83928804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.131.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065703/; classtype:trojan-activity;sid:83928803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.65.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065702/; classtype:trojan-activity;sid:83928802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.139.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065701/; classtype:trojan-activity;sid:83928801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.196.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065700/; classtype:trojan-activity;sid:83928800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.43.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065699/; classtype:trojan-activity;sid:83928799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.62.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065698/; classtype:trojan-activity;sid:83928798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.230.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065697/; classtype:trojan-activity;sid:83928797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.121.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065696/; classtype:trojan-activity;sid:83928796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065695/; classtype:trojan-activity;sid:83928795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065694/; classtype:trojan-activity;sid:83928794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065692/; classtype:trojan-activity;sid:83928792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.167.129.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065693/; classtype:trojan-activity;sid:83928793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.227.145.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065691/; classtype:trojan-activity;sid:83928791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065690/; classtype:trojan-activity;sid:83928790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.226.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065687/; classtype:trojan-activity;sid:83928787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.110.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065688/; classtype:trojan-activity;sid:83928788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.244.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065689/; classtype:trojan-activity;sid:83928789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.115.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065685/; classtype:trojan-activity;sid:83928785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.66.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065686/; classtype:trojan-activity;sid:83928786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.185.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065684/; classtype:trojan-activity;sid:83928784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.222.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065683/; classtype:trojan-activity;sid:83928783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.41.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065682/; classtype:trojan-activity;sid:83928782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.172.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065681/; classtype:trojan-activity;sid:83928781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.238.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065680/; classtype:trojan-activity;sid:83928780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.183.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065679/; classtype:trojan-activity;sid:83928779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065678/; classtype:trojan-activity;sid:83928778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.131.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065677/; classtype:trojan-activity;sid:83928777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065676/; classtype:trojan-activity;sid:83928776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.194.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065675/; classtype:trojan-activity;sid:83928775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.157.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065674/; classtype:trojan-activity;sid:83928774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.79.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065673/; classtype:trojan-activity;sid:83928773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065672/; classtype:trojan-activity;sid:83928772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.65.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065671/; classtype:trojan-activity;sid:83928771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065670/; classtype:trojan-activity;sid:83928770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065669/; classtype:trojan-activity;sid:83928769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.2.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065668/; classtype:trojan-activity;sid:83928768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065667/; classtype:trojan-activity;sid:83928767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.98.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065666/; classtype:trojan-activity;sid:83928766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.31.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065665/; classtype:trojan-activity;sid:83928765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065664/; classtype:trojan-activity;sid:83928764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.31.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065662/; classtype:trojan-activity;sid:83928762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.121.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065663/; classtype:trojan-activity;sid:83928763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.44.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065661/; classtype:trojan-activity;sid:83928761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.150.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065660/; classtype:trojan-activity;sid:83928760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.40.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065659/; classtype:trojan-activity;sid:83928759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.198.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065658/; classtype:trojan-activity;sid:83928758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065656/; classtype:trojan-activity;sid:83928756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065657/; classtype:trojan-activity;sid:83928757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.179.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065655/; classtype:trojan-activity;sid:83928755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.96.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065654/; classtype:trojan-activity;sid:83928754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.228.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065652/; classtype:trojan-activity;sid:83928752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065653/; classtype:trojan-activity;sid:83928753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065651/; classtype:trojan-activity;sid:83928751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.126.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065649/; classtype:trojan-activity;sid:83928749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.224.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065650/; classtype:trojan-activity;sid:83928750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.148.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065647/; classtype:trojan-activity;sid:83928747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065648/; classtype:trojan-activity;sid:83928748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.171.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065646/; classtype:trojan-activity;sid:83928746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.249.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065645/; classtype:trojan-activity;sid:83928745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.176.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065644/; classtype:trojan-activity;sid:83928744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065642/; classtype:trojan-activity;sid:83928742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.200.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065643/; classtype:trojan-activity;sid:83928743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065641/; classtype:trojan-activity;sid:83928741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.112.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065640/; classtype:trojan-activity;sid:83928740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065639/; classtype:trojan-activity;sid:83928739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.176.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065638/; classtype:trojan-activity;sid:83928738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.109.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065637/; classtype:trojan-activity;sid:83928737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.21.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065636/; classtype:trojan-activity;sid:83928736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.105.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065635/; classtype:trojan-activity;sid:83928735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.198.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065634/; classtype:trojan-activity;sid:83928734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.121.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065633/; classtype:trojan-activity;sid:83928733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.203.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065632/; classtype:trojan-activity;sid:83928732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065631/; classtype:trojan-activity;sid:83928731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.249.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065630/; classtype:trojan-activity;sid:83928730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.220.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065629/; classtype:trojan-activity;sid:83928729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065628/; classtype:trojan-activity;sid:83928728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.96.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065627/; classtype:trojan-activity;sid:83928727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.148.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065626/; classtype:trojan-activity;sid:83928726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.176.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065625/; classtype:trojan-activity;sid:83928725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.106.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065624/; classtype:trojan-activity;sid:83928724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065620/; classtype:trojan-activity;sid:83928720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.109.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065621/; classtype:trojan-activity;sid:83928721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065622/; classtype:trojan-activity;sid:83928722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065623/; classtype:trojan-activity;sid:83928723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.32.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065619/; classtype:trojan-activity;sid:83928719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.174.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065618/; classtype:trojan-activity;sid:83928718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065617)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"aasse.members.openarmscv.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065617/; classtype:trojan-activity;sid:83928717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065616)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"frtwv.loyalty.hienphucuanhanloai.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065616/; classtype:trojan-activity;sid:83928716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.105.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065615/; classtype:trojan-activity;sid:83928715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.213.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065614/; classtype:trojan-activity;sid:83928714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.243.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065613/; classtype:trojan-activity;sid:83928713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.40.240.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065612/; classtype:trojan-activity;sid:83928712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.236.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065611/; classtype:trojan-activity;sid:83928711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.37.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065610/; classtype:trojan-activity;sid:83928710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.105.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065609/; classtype:trojan-activity;sid:83928709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.51.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065608/; classtype:trojan-activity;sid:83928708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.45.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065607/; classtype:trojan-activity;sid:83928707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.218.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065606/; classtype:trojan-activity;sid:83928706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065605/; classtype:trojan-activity;sid:83928705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.167.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065604/; classtype:trojan-activity;sid:83928704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.113.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065603/; classtype:trojan-activity;sid:83928703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.154.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065602/; classtype:trojan-activity;sid:83928702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.39.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065601/; classtype:trojan-activity;sid:83928701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065600/; classtype:trojan-activity;sid:83928700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.74.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065599/; classtype:trojan-activity;sid:83928699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.174.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065598/; classtype:trojan-activity;sid:83928698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.43.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065597/; classtype:trojan-activity;sid:83928697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065595/; classtype:trojan-activity;sid:83928695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.220.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065596/; classtype:trojan-activity;sid:83928696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065593/; classtype:trojan-activity;sid:83928693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065594/; classtype:trojan-activity;sid:83928694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.245.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065592/; classtype:trojan-activity;sid:83928692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.243.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065591/; classtype:trojan-activity;sid:83928691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.37.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065589/; classtype:trojan-activity;sid:83928689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065590/; classtype:trojan-activity;sid:83928690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.45.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065588/; classtype:trojan-activity;sid:83928688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.254.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065587/; classtype:trojan-activity;sid:83928687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065586/; classtype:trojan-activity;sid:83928686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.43.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065585/; classtype:trojan-activity;sid:83928685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.150.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065584/; classtype:trojan-activity;sid:83928684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.32.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065581/; classtype:trojan-activity;sid:83928681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.34.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065582/; classtype:trojan-activity;sid:83928682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065583/; classtype:trojan-activity;sid:83928683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065580/; classtype:trojan-activity;sid:83928680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.167.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065579/; classtype:trojan-activity;sid:83928679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.125.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065578/; classtype:trojan-activity;sid:83928678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065577/; classtype:trojan-activity;sid:83928677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.25.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065576/; classtype:trojan-activity;sid:83928676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.43.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065575/; classtype:trojan-activity;sid:83928675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.67.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065574/; classtype:trojan-activity;sid:83928674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.13.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065573/; classtype:trojan-activity;sid:83928673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.25.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065572/; classtype:trojan-activity;sid:83928672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065571/; classtype:trojan-activity;sid:83928671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065569/; classtype:trojan-activity;sid:83928669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.180.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065570/; classtype:trojan-activity;sid:83928670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.245.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065567/; classtype:trojan-activity;sid:83928667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065568/; classtype:trojan-activity;sid:83928668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.215.248.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065566/; classtype:trojan-activity;sid:83928666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065565/; classtype:trojan-activity;sid:83928665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.214.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065564/; classtype:trojan-activity;sid:83928664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.231.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065563/; classtype:trojan-activity;sid:83928663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.45.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065562/; classtype:trojan-activity;sid:83928662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065561/; classtype:trojan-activity;sid:83928661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.105.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065560/; classtype:trojan-activity;sid:83928660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.40.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065559/; classtype:trojan-activity;sid:83928659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.211.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065558/; classtype:trojan-activity;sid:83928658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065557/; classtype:trojan-activity;sid:83928657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065556/; classtype:trojan-activity;sid:83928656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.92.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065555/; classtype:trojan-activity;sid:83928655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.145.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065554/; classtype:trojan-activity;sid:83928654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.155.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065553/; classtype:trojan-activity;sid:83928653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.44.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065552/; classtype:trojan-activity;sid:83928652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.180.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065551/; classtype:trojan-activity;sid:83928651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.125.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065550/; classtype:trojan-activity;sid:83928650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.150.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065549/; classtype:trojan-activity;sid:83928649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.86.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065548/; classtype:trojan-activity;sid:83928648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.197.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065547/; classtype:trojan-activity;sid:83928647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.25.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065546/; classtype:trojan-activity;sid:83928646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.149.245.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065545/; classtype:trojan-activity;sid:83928645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.121.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065544/; classtype:trojan-activity;sid:83928644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065543/; classtype:trojan-activity;sid:83928643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.231.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065542/; classtype:trojan-activity;sid:83928642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.105.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065541/; classtype:trojan-activity;sid:83928641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065540/; classtype:trojan-activity;sid:83928640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.111.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065539/; classtype:trojan-activity;sid:83928639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.44.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065538/; classtype:trojan-activity;sid:83928638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065537/; classtype:trojan-activity;sid:83928637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065536/; classtype:trojan-activity;sid:83928636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065535/; classtype:trojan-activity;sid:83928635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065534/; classtype:trojan-activity;sid:83928634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.71.41"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065532/; classtype:trojan-activity;sid:83928632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.223.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065533/; classtype:trojan-activity;sid:83928633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.31.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065529/; classtype:trojan-activity;sid:83928629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.61.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065530/; classtype:trojan-activity;sid:83928630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.44.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065531/; classtype:trojan-activity;sid:83928631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.127.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065526/; classtype:trojan-activity;sid:83928626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.124.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065527/; classtype:trojan-activity;sid:83928627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.78.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065524/; classtype:trojan-activity;sid:83928624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.86.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065523/; classtype:trojan-activity;sid:83928623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065522/; classtype:trojan-activity;sid:83928622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065521/; classtype:trojan-activity;sid:83928621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.83.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065520/; classtype:trojan-activity;sid:83928620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.8.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065519/; classtype:trojan-activity;sid:83928619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065518/; classtype:trojan-activity;sid:83928618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.49.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065516/; classtype:trojan-activity;sid:83928616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065517/; classtype:trojan-activity;sid:83928617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.43.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065515/; classtype:trojan-activity;sid:83928615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.69.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065514/; classtype:trojan-activity;sid:83928614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065513)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kuzo.loyalty.hienphucuanhanloai.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065513/; classtype:trojan-activity;sid:83928613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065512/; classtype:trojan-activity;sid:83928612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.83.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065511/; classtype:trojan-activity;sid:83928611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.107.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065510/; classtype:trojan-activity;sid:83928610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065509/; classtype:trojan-activity;sid:83928609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.223.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065508/; classtype:trojan-activity;sid:83928608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.193.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065507/; classtype:trojan-activity;sid:83928607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065505/; classtype:trojan-activity;sid:83928605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.156.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065506/; classtype:trojan-activity;sid:83928606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065504/; classtype:trojan-activity;sid:83928604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.127.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065503/; classtype:trojan-activity;sid:83928603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.209.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065502/; classtype:trojan-activity;sid:83928602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065501/; classtype:trojan-activity;sid:83928601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.90.162.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065500/; classtype:trojan-activity;sid:83928600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065499/; classtype:trojan-activity;sid:83928599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.56.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065498/; classtype:trojan-activity;sid:83928598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065497/; classtype:trojan-activity;sid:83928597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065496/; classtype:trojan-activity;sid:83928596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.191.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065495/; classtype:trojan-activity;sid:83928595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.44.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065494/; classtype:trojan-activity;sid:83928594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.2.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065493/; classtype:trojan-activity;sid:83928593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065492/; classtype:trojan-activity;sid:83928592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.139.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065491/; classtype:trojan-activity;sid:83928591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065490)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/mcd/ienetcache.hta"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"107.173.143.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065490/; classtype:trojan-activity;sid:83928590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065489/; classtype:trojan-activity;sid:83928589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065488/; classtype:trojan-activity;sid:83928588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065487/; classtype:trojan-activity;sid:83928587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.131.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065486/; classtype:trojan-activity;sid:83928586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.164.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065485/; classtype:trojan-activity;sid:83928585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.217.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065484/; classtype:trojan-activity;sid:83928584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.161.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065483/; classtype:trojan-activity;sid:83928583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065482/; classtype:trojan-activity;sid:83928582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.125.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065481/; classtype:trojan-activity;sid:83928581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.50.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065479/; classtype:trojan-activity;sid:83928579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.112.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065480/; classtype:trojan-activity;sid:83928580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.156.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065478/; classtype:trojan-activity;sid:83928578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.90.162.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065477/; classtype:trojan-activity;sid:83928577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.191.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065476/; classtype:trojan-activity;sid:83928576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.31.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065475/; classtype:trojan-activity;sid:83928575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.122.255.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065474/; classtype:trojan-activity;sid:83928574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.42.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065473/; classtype:trojan-activity;sid:83928573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065472/; classtype:trojan-activity;sid:83928572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.161.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065471/; classtype:trojan-activity;sid:83928571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.151.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065469/; classtype:trojan-activity;sid:83928569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.153.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065470/; classtype:trojan-activity;sid:83928570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065468/; classtype:trojan-activity;sid:83928568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065467/; classtype:trojan-activity;sid:83928567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.191.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065466/; classtype:trojan-activity;sid:83928566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.134.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065465/; classtype:trojan-activity;sid:83928565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065464)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"fljnd.loyalty.hienphucuanhanloai.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065464/; classtype:trojan-activity;sid:83928564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.78.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065463/; classtype:trojan-activity;sid:83928563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065462/; classtype:trojan-activity;sid:83928562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065461/; classtype:trojan-activity;sid:83928561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.131.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065460/; classtype:trojan-activity;sid:83928560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.7.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065459/; classtype:trojan-activity;sid:83928559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.124.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065458/; classtype:trojan-activity;sid:83928558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.211.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065457/; classtype:trojan-activity;sid:83928557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065456/; classtype:trojan-activity;sid:83928556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.228.0.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065455/; classtype:trojan-activity;sid:83928555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.102.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065454/; classtype:trojan-activity;sid:83928554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065452/; classtype:trojan-activity;sid:83928552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.209.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065453/; classtype:trojan-activity;sid:83928553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065451/; classtype:trojan-activity;sid:83928551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.248.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065450/; classtype:trojan-activity;sid:83928550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.209.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065449/; classtype:trojan-activity;sid:83928549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065447/; classtype:trojan-activity;sid:83928547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.143.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065448/; classtype:trojan-activity;sid:83928548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065446/; classtype:trojan-activity;sid:83928546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065445/; classtype:trojan-activity;sid:83928545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.14.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065444/; classtype:trojan-activity;sid:83928544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.45.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065443/; classtype:trojan-activity;sid:83928543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065442/; classtype:trojan-activity;sid:83928542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.153.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065441/; classtype:trojan-activity;sid:83928541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.186.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065440/; classtype:trojan-activity;sid:83928540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.211.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065439/; classtype:trojan-activity;sid:83928539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.134.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065438/; classtype:trojan-activity;sid:83928538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.218.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065437/; classtype:trojan-activity;sid:83928537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.7.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065436/; classtype:trojan-activity;sid:83928536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065434/; classtype:trojan-activity;sid:83928534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065435/; classtype:trojan-activity;sid:83928535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.33.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065433/; classtype:trojan-activity;sid:83928533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065432/; classtype:trojan-activity;sid:83928532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.226.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065431/; classtype:trojan-activity;sid:83928531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065430/; classtype:trojan-activity;sid:83928530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.47.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065429/; classtype:trojan-activity;sid:83928529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.186.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065428/; classtype:trojan-activity;sid:83928528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.209.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065427/; classtype:trojan-activity;sid:83928527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065426/; classtype:trojan-activity;sid:83928526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.68.72.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065425/; classtype:trojan-activity;sid:83928525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.104.221.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065424/; classtype:trojan-activity;sid:83928524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.22.235"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065423/; classtype:trojan-activity;sid:83928523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065422/; classtype:trojan-activity;sid:83928522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.151.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065421/; classtype:trojan-activity;sid:83928521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.88.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065420/; classtype:trojan-activity;sid:83928520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065419/; classtype:trojan-activity;sid:83928519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.207.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065418/; classtype:trojan-activity;sid:83928518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.243.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065416/; classtype:trojan-activity;sid:83928516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065417/; classtype:trojan-activity;sid:83928517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065415/; classtype:trojan-activity;sid:83928515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.23.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065414/; classtype:trojan-activity;sid:83928514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.159.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065413/; classtype:trojan-activity;sid:83928513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.103.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065412/; classtype:trojan-activity;sid:83928512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.228.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065411/; classtype:trojan-activity;sid:83928511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.186.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065410/; classtype:trojan-activity;sid:83928510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065409/; classtype:trojan-activity;sid:83928509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065408/; classtype:trojan-activity;sid:83928508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.221.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065407/; classtype:trojan-activity;sid:83928507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.51.60.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065406/; classtype:trojan-activity;sid:83928506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.249.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065405/; classtype:trojan-activity;sid:83928505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.146.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065404/; classtype:trojan-activity;sid:83928504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.226.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065403/; classtype:trojan-activity;sid:83928503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065402/; classtype:trojan-activity;sid:83928502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.81.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065401/; classtype:trojan-activity;sid:83928501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065400)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hmen.loyalty.hienphucuanhanloai.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065400/; classtype:trojan-activity;sid:83928500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.99.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065399/; classtype:trojan-activity;sid:83928499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.227.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065398/; classtype:trojan-activity;sid:83928498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.47.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065397/; classtype:trojan-activity;sid:83928497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.186.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065396/; classtype:trojan-activity;sid:83928496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065394/; classtype:trojan-activity;sid:83928494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.68.72.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065395/; classtype:trojan-activity;sid:83928495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065393/; classtype:trojan-activity;sid:83928493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065392/; classtype:trojan-activity;sid:83928492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.144.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065391/; classtype:trojan-activity;sid:83928491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.23.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065390/; classtype:trojan-activity;sid:83928490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.32.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065388/; classtype:trojan-activity;sid:83928488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.114.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065389/; classtype:trojan-activity;sid:83928489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065387/; classtype:trojan-activity;sid:83928487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.232.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065386/; classtype:trojan-activity;sid:83928486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.182.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065385/; classtype:trojan-activity;sid:83928485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.199.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065384/; classtype:trojan-activity;sid:83928484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065383/; classtype:trojan-activity;sid:83928483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.184.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065382/; classtype:trojan-activity;sid:83928482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.110.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065380/; classtype:trojan-activity;sid:83928480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.236.58.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065381/; classtype:trojan-activity;sid:83928481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.157.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065378/; classtype:trojan-activity;sid:83928478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065379/; classtype:trojan-activity;sid:83928479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.227.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065377/; classtype:trojan-activity;sid:83928477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.46.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065376/; classtype:trojan-activity;sid:83928476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.77.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065375/; classtype:trojan-activity;sid:83928475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065374/; classtype:trojan-activity;sid:83928474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.184.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065373/; classtype:trojan-activity;sid:83928473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.13.219.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065372/; classtype:trojan-activity;sid:83928472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.149.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065371/; classtype:trojan-activity;sid:83928471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065370/; classtype:trojan-activity;sid:83928470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.114.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065369/; classtype:trojan-activity;sid:83928469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.35.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065368/; classtype:trojan-activity;sid:83928468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065366/; classtype:trojan-activity;sid:83928466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065367/; classtype:trojan-activity;sid:83928467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.32.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065365/; classtype:trojan-activity;sid:83928465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.232.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065364/; classtype:trojan-activity;sid:83928464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065363/; classtype:trojan-activity;sid:83928463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.165.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065362/; classtype:trojan-activity;sid:83928462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.205.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065361/; classtype:trojan-activity;sid:83928461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.199.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065360/; classtype:trojan-activity;sid:83928460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.171.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065359/; classtype:trojan-activity;sid:83928459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065358/; classtype:trojan-activity;sid:83928458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.90.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065357/; classtype:trojan-activity;sid:83928457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.189.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065355/; classtype:trojan-activity;sid:83928455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.9.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065356/; classtype:trojan-activity;sid:83928456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.46.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065354/; classtype:trojan-activity;sid:83928454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.89.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065353/; classtype:trojan-activity;sid:83928453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065352/; classtype:trojan-activity;sid:83928452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.2.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065351/; classtype:trojan-activity;sid:83928451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.162.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065350/; classtype:trojan-activity;sid:83928450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065349/; classtype:trojan-activity;sid:83928449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065348/; classtype:trojan-activity;sid:83928448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.98.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065346/; classtype:trojan-activity;sid:83928446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.168.88.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065347/; classtype:trojan-activity;sid:83928447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.93.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065345/; classtype:trojan-activity;sid:83928445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.126.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065342/; classtype:trojan-activity;sid:83928442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.101.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065343/; classtype:trojan-activity;sid:83928443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.231.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065344/; classtype:trojan-activity;sid:83928444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065341/; classtype:trojan-activity;sid:83928441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065340/; classtype:trojan-activity;sid:83928440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.220.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065339/; classtype:trojan-activity;sid:83928439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.153.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065338/; classtype:trojan-activity;sid:83928438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.41.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065337/; classtype:trojan-activity;sid:83928437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065336/; classtype:trojan-activity;sid:83928436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.78.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065335/; classtype:trojan-activity;sid:83928435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.135.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065334/; classtype:trojan-activity;sid:83928434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.240.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065333/; classtype:trojan-activity;sid:83928433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065332/; classtype:trojan-activity;sid:83928432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.111.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065331/; classtype:trojan-activity;sid:83928431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065330/; classtype:trojan-activity;sid:83928430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.189.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065328/; classtype:trojan-activity;sid:83928428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.51.148.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065329/; classtype:trojan-activity;sid:83928429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.227.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065327/; classtype:trojan-activity;sid:83928427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.72.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065326/; classtype:trojan-activity;sid:83928426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.87.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065325/; classtype:trojan-activity;sid:83928425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065324/; classtype:trojan-activity;sid:83928424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065323/; classtype:trojan-activity;sid:83928423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.10.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065322/; classtype:trojan-activity;sid:83928422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.2.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065321/; classtype:trojan-activity;sid:83928421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.45.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065320/; classtype:trojan-activity;sid:83928420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.153.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065319/; classtype:trojan-activity;sid:83928419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.135.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065318/; classtype:trojan-activity;sid:83928418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065317/; classtype:trojan-activity;sid:83928417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065316/; classtype:trojan-activity;sid:83928416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.26.63.27"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065315/; classtype:trojan-activity;sid:83928415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.154.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065313/; classtype:trojan-activity;sid:83928413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.240.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065314/; classtype:trojan-activity;sid:83928414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.237.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065312/; classtype:trojan-activity;sid:83928412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065311/; classtype:trojan-activity;sid:83928411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.227.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065310/; classtype:trojan-activity;sid:83928410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.89.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065309/; classtype:trojan-activity;sid:83928409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.93.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065308/; classtype:trojan-activity;sid:83928408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.91.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065306/; classtype:trojan-activity;sid:83928406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.51.148.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065307/; classtype:trojan-activity;sid:83928407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.245.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065305/; classtype:trojan-activity;sid:83928405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065304/; classtype:trojan-activity;sid:83928404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.111.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065303/; classtype:trojan-activity;sid:83928403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.119.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065302/; classtype:trojan-activity;sid:83928402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.80.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065301/; classtype:trojan-activity;sid:83928401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.10.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065299/; classtype:trojan-activity;sid:83928399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.87.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065300/; classtype:trojan-activity;sid:83928400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.246.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065298/; classtype:trojan-activity;sid:83928398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.195.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065297/; classtype:trojan-activity;sid:83928397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065296/; classtype:trojan-activity;sid:83928396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065295/; classtype:trojan-activity;sid:83928395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.124.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065294/; classtype:trojan-activity;sid:83928394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065293/; classtype:trojan-activity;sid:83928393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.251.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065292/; classtype:trojan-activity;sid:83928392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065291/; classtype:trojan-activity;sid:83928391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065290/; classtype:trojan-activity;sid:83928390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.89.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065289/; classtype:trojan-activity;sid:83928389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.49.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065288/; classtype:trojan-activity;sid:83928388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.93.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065287/; classtype:trojan-activity;sid:83928387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.42.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065286/; classtype:trojan-activity;sid:83928386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065285/; classtype:trojan-activity;sid:83928385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.217.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065284/; classtype:trojan-activity;sid:83928384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.117.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065283/; classtype:trojan-activity;sid:83928383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065282/; classtype:trojan-activity;sid:83928382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.104.195.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065281/; classtype:trojan-activity;sid:83928381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065280/; classtype:trojan-activity;sid:83928380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065279/; classtype:trojan-activity;sid:83928379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.124.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065278/; classtype:trojan-activity;sid:83928378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.255.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065277/; classtype:trojan-activity;sid:83928377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.217.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065276/; classtype:trojan-activity;sid:83928376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.168.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065275/; classtype:trojan-activity;sid:83928375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.22.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065274/; classtype:trojan-activity;sid:83928374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.135.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065273/; classtype:trojan-activity;sid:83928373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065272/; classtype:trojan-activity;sid:83928372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.208.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065271/; classtype:trojan-activity;sid:83928371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.115.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065270/; classtype:trojan-activity;sid:83928370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.37.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065269/; classtype:trojan-activity;sid:83928369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.231.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065268/; classtype:trojan-activity;sid:83928368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.0.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065267/; classtype:trojan-activity;sid:83928367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.174.137.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065266/; classtype:trojan-activity;sid:83928366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.126.214.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065265/; classtype:trojan-activity;sid:83928365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.218.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065264/; classtype:trojan-activity;sid:83928364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.45.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065263/; classtype:trojan-activity;sid:83928363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.69.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065262/; classtype:trojan-activity;sid:83928362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.217.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065261/; classtype:trojan-activity;sid:83928361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.93.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065260/; classtype:trojan-activity;sid:83928360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065259/; classtype:trojan-activity;sid:83928359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.218.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065258/; classtype:trojan-activity;sid:83928358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.211.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065257/; classtype:trojan-activity;sid:83928357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.93.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065256/; classtype:trojan-activity;sid:83928356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065255/; classtype:trojan-activity;sid:83928355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.168.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065254/; classtype:trojan-activity;sid:83928354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.13.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065253/; classtype:trojan-activity;sid:83928353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.217.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065252/; classtype:trojan-activity;sid:83928352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.22.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065251/; classtype:trojan-activity;sid:83928351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065250/; classtype:trojan-activity;sid:83928350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065249)"; flow:established,from_client; content:"GET"; http_method; content:"/l/botirc.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065249/; classtype:trojan-activity;sid:83928349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mipsbotirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065247/; classtype:trojan-activity;sid:83928347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065248)"; flow:established,from_client; content:"GET"; http_method; content:"/c/ppcbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065248/; classtype:trojan-activity;sid:83928348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065246)"; flow:established,from_client; content:"GET"; http_method; content:"/c/botirc.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065246/; classtype:trojan-activity;sid:83928346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065241)"; flow:established,from_client; content:"GET"; http_method; content:"/l/botirc.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065241/; classtype:trojan-activity;sid:83928341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065242)"; flow:established,from_client; content:"GET"; http_method; content:"/c/sh4botirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065242/; classtype:trojan-activity;sid:83928342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065243)"; flow:established,from_client; content:"GET"; http_method; content:"/c/mipsbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065243/; classtype:trojan-activity;sid:83928343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065244)"; flow:established,from_client; content:"GET"; http_method; content:"/c/botirc.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065244/; classtype:trojan-activity;sid:83928344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/botirc.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065245/; classtype:trojan-activity;sid:83928345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065240)"; flow:established,from_client; content:"GET"; http_method; content:"/l/mipsbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065240/; classtype:trojan-activity;sid:83928340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065239)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/i686botirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065239/; classtype:trojan-activity;sid:83928339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065238)"; flow:established,from_client; content:"GET"; http_method; content:"/l/i686botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065238/; classtype:trojan-activity;sid:83928338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/botirc.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065237/; classtype:trojan-activity;sid:83928337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065234)"; flow:established,from_client; content:"GET"; http_method; content:"/c/m68kbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065234/; classtype:trojan-activity;sid:83928334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065235)"; flow:established,from_client; content:"GET"; http_method; content:"/c/armbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065235/; classtype:trojan-activity;sid:83928335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065236)"; flow:established,from_client; content:"GET"; http_method; content:"/c/botirc.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065236/; classtype:trojan-activity;sid:83928336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065233)"; flow:established,from_client; content:"GET"; http_method; content:"/l/botirc.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065233/; classtype:trojan-activity;sid:83928333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mpslbotirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065230/; classtype:trojan-activity;sid:83928330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065231)"; flow:established,from_client; content:"GET"; http_method; content:"/l/mpslbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065231/; classtype:trojan-activity;sid:83928331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065232)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/botirc.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065232/; classtype:trojan-activity;sid:83928332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065226)"; flow:established,from_client; content:"GET"; http_method; content:"/c/botirc.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065226/; classtype:trojan-activity;sid:83928326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065227)"; flow:established,from_client; content:"GET"; http_method; content:"/l/sh4botirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065227/; classtype:trojan-activity;sid:83928327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065228)"; flow:established,from_client; content:"GET"; http_method; content:"/c/mpslbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065228/; classtype:trojan-activity;sid:83928328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065229)"; flow:established,from_client; content:"GET"; http_method; content:"/c/botirc.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065229/; classtype:trojan-activity;sid:83928329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065222)"; flow:established,from_client; content:"GET"; http_method; content:"/l/botirc.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065222/; classtype:trojan-activity;sid:83928322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065223)"; flow:established,from_client; content:"GET"; http_method; content:"/l/botirc.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065223/; classtype:trojan-activity;sid:83928323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065224)"; flow:established,from_client; content:"GET"; http_method; content:"/l/x86botirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065224/; classtype:trojan-activity;sid:83928324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065225)"; flow:established,from_client; content:"GET"; http_method; content:"/c/botirc.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065225/; classtype:trojan-activity;sid:83928325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065219)"; flow:established,from_client; content:"GET"; http_method; content:"/c/botirc.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065219/; classtype:trojan-activity;sid:83928319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065220)"; flow:established,from_client; content:"GET"; http_method; content:"/l/armbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065220/; classtype:trojan-activity;sid:83928320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065221)"; flow:established,from_client; content:"GET"; http_method; content:"/c/arm7botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065221/; classtype:trojan-activity;sid:83928321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065215)"; flow:established,from_client; content:"GET"; http_method; content:"/c/botirc.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065215/; classtype:trojan-activity;sid:83928315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065216)"; flow:established,from_client; content:"GET"; http_method; content:"/l/ppcbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065216/; classtype:trojan-activity;sid:83928316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065217)"; flow:established,from_client; content:"GET"; http_method; content:"/c/x86botirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065217/; classtype:trojan-activity;sid:83928317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065218)"; flow:established,from_client; content:"GET"; http_method; content:"/c/i686botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065218/; classtype:trojan-activity;sid:83928318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065204)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/botirc.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065204/; classtype:trojan-activity;sid:83928304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065205)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/botirc.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065205/; classtype:trojan-activity;sid:83928305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065206)"; flow:established,from_client; content:"GET"; http_method; content:"/u/i686botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065206/; classtype:trojan-activity;sid:83928306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065207)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mipsbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065207/; classtype:trojan-activity;sid:83928307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065208)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/x86botirc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065208/; classtype:trojan-activity;sid:83928308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/botirc.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065209/; classtype:trojan-activity;sid:83928309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065210)"; flow:established,from_client; content:"GET"; http_method; content:"/u/x86botirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065210/; classtype:trojan-activity;sid:83928310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065211)"; flow:established,from_client; content:"GET"; http_method; content:"/u/botirc.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065211/; classtype:trojan-activity;sid:83928311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065212)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/mipsbotirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065212/; classtype:trojan-activity;sid:83928312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065213)"; flow:established,from_client; content:"GET"; http_method; content:"/u/botirc.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065213/; classtype:trojan-activity;sid:83928313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065214)"; flow:established,from_client; content:"GET"; http_method; content:"/u/mipsbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065214/; classtype:trojan-activity;sid:83928314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x86botirc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065202/; classtype:trojan-activity;sid:83928302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065203)"; flow:established,from_client; content:"GET"; http_method; content:"/l/botirc.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065203/; classtype:trojan-activity;sid:83928303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/botirc.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065196/; classtype:trojan-activity;sid:83928296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065197)"; flow:established,from_client; content:"GET"; http_method; content:"/u/botirc.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065197/; classtype:trojan-activity;sid:83928297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065198)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/arm7botirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065198/; classtype:trojan-activity;sid:83928298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065199)"; flow:established,from_client; content:"GET"; http_method; content:"/a/botirc.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065199/; classtype:trojan-activity;sid:83928299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065200)"; flow:established,from_client; content:"GET"; http_method; content:"/u/botirc.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065200/; classtype:trojan-activity;sid:83928300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065201)"; flow:established,from_client; content:"GET"; http_method; content:"/a/arm7botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065201/; classtype:trojan-activity;sid:83928301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065193)"; flow:established,from_client; content:"GET"; http_method; content:"/a/botirc.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065193/; classtype:trojan-activity;sid:83928293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065194)"; flow:established,from_client; content:"GET"; http_method; content:"/l/botirc.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065194/; classtype:trojan-activity;sid:83928294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065195)"; flow:established,from_client; content:"GET"; http_method; content:"/l/arm7botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065195/; classtype:trojan-activity;sid:83928295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065190)"; flow:established,from_client; content:"GET"; http_method; content:"/l/botirc.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065190/; classtype:trojan-activity;sid:83928290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065191)"; flow:established,from_client; content:"GET"; http_method; content:"/u/arm7botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065191/; classtype:trojan-activity;sid:83928291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065192)"; flow:established,from_client; content:"GET"; http_method; content:"/u/botirc.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065192/; classtype:trojan-activity;sid:83928292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065188)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/botirc.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065188/; classtype:trojan-activity;sid:83928288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/botirc.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065189/; classtype:trojan-activity;sid:83928289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065179)"; flow:established,from_client; content:"GET"; http_method; content:"/u/sh4botirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065179/; classtype:trojan-activity;sid:83928279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065180)"; flow:established,from_client; content:"GET"; http_method; content:"/u/m68kbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065180/; classtype:trojan-activity;sid:83928280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065181)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/mpslbotirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065181/; classtype:trojan-activity;sid:83928281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065182)"; flow:established,from_client; content:"GET"; http_method; content:"/u/botirc.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065182/; classtype:trojan-activity;sid:83928282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065183)"; flow:established,from_client; content:"GET"; http_method; content:"/u/mpslbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065183/; classtype:trojan-activity;sid:83928283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065184)"; flow:established,from_client; content:"GET"; http_method; content:"/a/botirc.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065184/; classtype:trojan-activity;sid:83928284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065185)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/botirc.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065185/; classtype:trojan-activity;sid:83928285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065186)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/ppcbotirc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065186/; classtype:trojan-activity;sid:83928286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065187)"; flow:established,from_client; content:"GET"; http_method; content:"/u/armbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065187/; classtype:trojan-activity;sid:83928287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065174)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sh4botirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065174/; classtype:trojan-activity;sid:83928274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065175)"; flow:established,from_client; content:"GET"; http_method; content:"/u/botirc.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065175/; classtype:trojan-activity;sid:83928275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065176)"; flow:established,from_client; content:"GET"; http_method; content:"/a/ppcbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065176/; classtype:trojan-activity;sid:83928276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/botirc.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065177/; classtype:trojan-activity;sid:83928277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/sh4botirc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065178/; classtype:trojan-activity;sid:83928278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/botirc.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065172/; classtype:trojan-activity;sid:83928272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/i686botirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065173/; classtype:trojan-activity;sid:83928273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/ppcbotirc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065168/; classtype:trojan-activity;sid:83928268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065169)"; flow:established,from_client; content:"GET"; http_method; content:"/u/botirc.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065169/; classtype:trojan-activity;sid:83928269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065170)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/armbotirc200"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065170/; classtype:trojan-activity;sid:83928270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/botirc.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065171/; classtype:trojan-activity;sid:83928271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065164)"; flow:established,from_client; content:"GET"; http_method; content:"/l/m68kbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065164/; classtype:trojan-activity;sid:83928264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/botirc.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065165/; classtype:trojan-activity;sid:83928265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065166)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/botirc.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065166/; classtype:trojan-activity;sid:83928266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/arm7botirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065167/; classtype:trojan-activity;sid:83928267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065160)"; flow:established,from_client; content:"GET"; http_method; content:"/l/botirc.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065160/; classtype:trojan-activity;sid:83928260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065161)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/botirc.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065161/; classtype:trojan-activity;sid:83928261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065162)"; flow:established,from_client; content:"GET"; http_method; content:"/u/ppcbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065162/; classtype:trojan-activity;sid:83928262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065163)"; flow:established,from_client; content:"GET"; http_method; content:"/a/botirc.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065163/; classtype:trojan-activity;sid:83928263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065158)"; flow:established,from_client; content:"GET"; http_method; content:"/u/botirc.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065158/; classtype:trojan-activity;sid:83928258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/m68kbotirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065159/; classtype:trojan-activity;sid:83928259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065151)"; flow:established,from_client; content:"GET"; http_method; content:"/b/mipsbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065151/; classtype:trojan-activity;sid:83928251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065152)"; flow:established,from_client; content:"GET"; http_method; content:"/z/x86botirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065152/; classtype:trojan-activity;sid:83928252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065153)"; flow:established,from_client; content:"GET"; http_method; content:"/b/botirc.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065153/; classtype:trojan-activity;sid:83928253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065154)"; flow:established,from_client; content:"GET"; http_method; content:"/z/botirc.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065154/; classtype:trojan-activity;sid:83928254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065155)"; flow:established,from_client; content:"GET"; http_method; content:"/z/botirc.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065155/; classtype:trojan-activity;sid:83928255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065156)"; flow:established,from_client; content:"GET"; http_method; content:"/b/botirc.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065156/; classtype:trojan-activity;sid:83928256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065157)"; flow:established,from_client; content:"GET"; http_method; content:"/z/i686botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065157/; classtype:trojan-activity;sid:83928257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065147)"; flow:established,from_client; content:"GET"; http_method; content:"/g/botirc.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065147/; classtype:trojan-activity;sid:83928247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065148)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/botirc.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065148/; classtype:trojan-activity;sid:83928248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065149)"; flow:established,from_client; content:"GET"; http_method; content:"/z/botirc.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065149/; classtype:trojan-activity;sid:83928249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065150)"; flow:established,from_client; content:"GET"; http_method; content:"/g/i686botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065150/; classtype:trojan-activity;sid:83928250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065144)"; flow:established,from_client; content:"GET"; http_method; content:"/z/mpslbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065144/; classtype:trojan-activity;sid:83928244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065145)"; flow:established,from_client; content:"GET"; http_method; content:"/b/mpslbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065145/; classtype:trojan-activity;sid:83928245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065146)"; flow:established,from_client; content:"GET"; http_method; content:"/b/armbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065146/; classtype:trojan-activity;sid:83928246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065139)"; flow:established,from_client; content:"GET"; http_method; content:"/b/botirc.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065139/; classtype:trojan-activity;sid:83928239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065140)"; flow:established,from_client; content:"GET"; http_method; content:"/z/ppcbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065140/; classtype:trojan-activity;sid:83928240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065141)"; flow:established,from_client; content:"GET"; http_method; content:"/z/botirc.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065141/; classtype:trojan-activity;sid:83928241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065142)"; flow:established,from_client; content:"GET"; http_method; content:"/z/armbotirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065142/; classtype:trojan-activity;sid:83928242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065143)"; flow:established,from_client; content:"GET"; http_method; content:"/g/botirc.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065143/; classtype:trojan-activity;sid:83928243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065138)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armbotirc200"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065138/; classtype:trojan-activity;sid:83928238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065131)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065131/; classtype:trojan-activity;sid:83928231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065132)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/botirc.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065132/; classtype:trojan-activity;sid:83928232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065133)"; flow:established,from_client; content:"GET"; http_method; content:"/b/m68kbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065133/; classtype:trojan-activity;sid:83928233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065134)"; flow:established,from_client; content:"GET"; http_method; content:"/b/botirc.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065134/; classtype:trojan-activity;sid:83928234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065135)"; flow:established,from_client; content:"GET"; http_method; content:"/z/botirc.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065135/; classtype:trojan-activity;sid:83928235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065136)"; flow:established,from_client; content:"GET"; http_method; content:"/z/botirc.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065136/; classtype:trojan-activity;sid:83928236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065137)"; flow:established,from_client; content:"GET"; http_method; content:"/g/botirc.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065137/; classtype:trojan-activity;sid:83928237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065125)"; flow:established,from_client; content:"GET"; http_method; content:"/b/botirc.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065125/; classtype:trojan-activity;sid:83928225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065126)"; flow:established,from_client; content:"GET"; http_method; content:"/b/sh4botirc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065126/; classtype:trojan-activity;sid:83928226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065127)"; flow:established,from_client; content:"GET"; http_method; content:"/z/botirc.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065127/; classtype:trojan-activity;sid:83928227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065128)"; flow:established,from_client; content:"GET"; http_method; content:"/z/botirc.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065128/; classtype:trojan-activity;sid:83928228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065129)"; flow:established,from_client; content:"GET"; http_method; content:"/g/botirc.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065129/; classtype:trojan-activity;sid:83928229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065130)"; flow:established,from_client; content:"GET"; http_method; content:"/z/arm7botirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065130/; classtype:trojan-activity;sid:83928230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.0.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065124/; classtype:trojan-activity;sid:83928224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.250.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065122/; classtype:trojan-activity;sid:83928222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.104.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065123/; classtype:trojan-activity;sid:83928223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065121)"; flow:established,from_client; content:"GET"; http_method; content:"/z/mipsbotirc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065121/; classtype:trojan-activity;sid:83928221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065120/; classtype:trojan-activity;sid:83928220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065119/; classtype:trojan-activity;sid:83928219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.118.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065117/; classtype:trojan-activity;sid:83928217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.154.117.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065118/; classtype:trojan-activity;sid:83928218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065116/; classtype:trojan-activity;sid:83928216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065114/; classtype:trojan-activity;sid:83928214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065115/; classtype:trojan-activity;sid:83928215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065113/; classtype:trojan-activity;sid:83928213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065112/; classtype:trojan-activity;sid:83928212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.69.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065111/; classtype:trojan-activity;sid:83928211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065110/; classtype:trojan-activity;sid:83928210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.139.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065108/; classtype:trojan-activity;sid:83928208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065109/; classtype:trojan-activity;sid:83928209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.45.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065107/; classtype:trojan-activity;sid:83928207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.121.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065105/; classtype:trojan-activity;sid:83928205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.221.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065106/; classtype:trojan-activity;sid:83928206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065104/; classtype:trojan-activity;sid:83928204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065102/; classtype:trojan-activity;sid:83928202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.52.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065103/; classtype:trojan-activity;sid:83928203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.106.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065101/; classtype:trojan-activity;sid:83928201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.202.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065100/; classtype:trojan-activity;sid:83928200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.97.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065099/; classtype:trojan-activity;sid:83928199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.211.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065098/; classtype:trojan-activity;sid:83928198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.3.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065097/; classtype:trojan-activity;sid:83928197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.192.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065096/; classtype:trojan-activity;sid:83928196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.162.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065095/; classtype:trojan-activity;sid:83928195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065094/; classtype:trojan-activity;sid:83928194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.100.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065093/; classtype:trojan-activity;sid:83928193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.195.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065092/; classtype:trojan-activity;sid:83928192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065091/; classtype:trojan-activity;sid:83928191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.43.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065090/; classtype:trojan-activity;sid:83928190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065089/; classtype:trojan-activity;sid:83928189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.1.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065088/; classtype:trojan-activity;sid:83928188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.171.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065087/; classtype:trojan-activity;sid:83928187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065085)"; flow:established,from_client; content:"GET"; http_method; content:"/40/ka/simplethingswantobegreatwaytounderstandhowsimpleitiswearegoodandeverythinggreat________thingsaregreatthingstouseugod.doc"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"46.183.222.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065085/; classtype:trojan-activity;sid:83928185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065086)"; flow:established,from_client; content:"GET"; http_method; content:"/40/newsomethinggoodthingshappene.gif"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"46.183.222.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065086/; classtype:trojan-activity;sid:83928186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065084/; classtype:trojan-activity;sid:83928184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065083/; classtype:trojan-activity;sid:83928183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.186.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065082/; classtype:trojan-activity;sid:83928182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.231.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065081/; classtype:trojan-activity;sid:83928181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.41.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065080/; classtype:trojan-activity;sid:83928180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.45.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065079/; classtype:trojan-activity;sid:83928179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065078/; classtype:trojan-activity;sid:83928178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065077/; classtype:trojan-activity;sid:83928177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.24.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065076/; classtype:trojan-activity;sid:83928176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.96.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065075/; classtype:trojan-activity;sid:83928175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.190.136.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065074/; classtype:trojan-activity;sid:83928174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.174.137.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065073/; classtype:trojan-activity;sid:83928173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065071)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/judit1.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065071/; classtype:trojan-activity;sid:83928171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.250.50.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065072/; classtype:trojan-activity;sid:83928172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065069)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/54gtxx.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065069/; classtype:trojan-activity;sid:83928169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065070)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/bnc/verygoodthingstobegreatadvancesystemtakecareofyourthingstobebackwithnewthingsgetback____________sweeetthingshappenegirl.doc"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"198.46.174.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065070/; classtype:trojan-activity;sid:83928170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.162.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065067/; classtype:trojan-activity;sid:83928167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065068/; classtype:trojan-activity;sid:83928168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065066/; classtype:trojan-activity;sid:83928166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.214.229.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065065/; classtype:trojan-activity;sid:83928165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065064/; classtype:trojan-activity;sid:83928164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.41.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065063/; classtype:trojan-activity;sid:83928163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.138.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065062/; classtype:trojan-activity;sid:83928162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065061/; classtype:trojan-activity;sid:83928161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.195.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065060/; classtype:trojan-activity;sid:83928160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.211.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065059/; classtype:trojan-activity;sid:83928159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.172.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065058/; classtype:trojan-activity;sid:83928158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.84.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065057/; classtype:trojan-activity;sid:83928157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.66.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065056/; classtype:trojan-activity;sid:83928156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.186.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065055/; classtype:trojan-activity;sid:83928155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.45.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065054/; classtype:trojan-activity;sid:83928154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.87.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065053/; classtype:trojan-activity;sid:83928153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065052/; classtype:trojan-activity;sid:83928152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.74.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065051/; classtype:trojan-activity;sid:83928151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065050/; classtype:trojan-activity;sid:83928150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.219.13.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065049/; classtype:trojan-activity;sid:83928149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065048/; classtype:trojan-activity;sid:83928148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.138.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065047/; classtype:trojan-activity;sid:83928147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065046/; classtype:trojan-activity;sid:83928146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065045/; classtype:trojan-activity;sid:83928145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/aws"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065044/; classtype:trojan-activity;sid:83928144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065038)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065038/; classtype:trojan-activity;sid:83928138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armbotirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065039/; classtype:trojan-activity;sid:83928139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065040)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7botirc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065040/; classtype:trojan-activity;sid:83928140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065041)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/goahead"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065041/; classtype:trojan-activity;sid:83928141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/final.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065042/; classtype:trojan-activity;sid:83928142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gpon443"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065043/; classtype:trojan-activity;sid:83928143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.213.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065037/; classtype:trojan-activity;sid:83928137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065036/; classtype:trojan-activity;sid:83928136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wget.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065035/; classtype:trojan-activity;sid:83928135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.89.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065034/; classtype:trojan-activity;sid:83928134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68kbotirc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065025/; classtype:trojan-activity;sid:83928125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86botirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065026/; classtype:trojan-activity;sid:83928126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jaws"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065027/; classtype:trojan-activity;sid:83928127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hnap"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065028/; classtype:trojan-activity;sid:83928128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsbotirc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065029/; classtype:trojan-activity;sid:83928129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/huawei"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065030/; classtype:trojan-activity;sid:83928130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/no.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065031/; classtype:trojan-activity;sid:83928131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686botirc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065032/; classtype:trojan-activity;sid:83928132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zyxel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065033/; classtype:trojan-activity;sid:83928133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zte"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065019/; classtype:trojan-activity;sid:83928119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065020/; classtype:trojan-activity;sid:83928120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/realtek"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065021/; classtype:trojan-activity;sid:83928121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/thinkphp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065022/; classtype:trojan-activity;sid:83928122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pulse"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065023/; classtype:trojan-activity;sid:83928123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yarn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065024/; classtype:trojan-activity;sid:83928124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpslbotirc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065016/; classtype:trojan-activity;sid:83928116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppcbotirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065017/; classtype:trojan-activity;sid:83928117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4botirc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065018/; classtype:trojan-activity;sid:83928118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065015/; classtype:trojan-activity;sid:83928115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.1.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065014/; classtype:trojan-activity;sid:83928114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.44.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065013/; classtype:trojan-activity;sid:83928113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.240.253.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065012/; classtype:trojan-activity;sid:83928112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065011/; classtype:trojan-activity;sid:83928111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.244.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065009/; classtype:trojan-activity;sid:83928109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.59.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065010/; classtype:trojan-activity;sid:83928110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.248.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065008/; classtype:trojan-activity;sid:83928108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.207.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065007/; classtype:trojan-activity;sid:83928107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.163.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065006/; classtype:trojan-activity;sid:83928106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065004/; classtype:trojan-activity;sid:83928104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065005/; classtype:trojan-activity;sid:83928105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.22.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065003/; classtype:trojan-activity;sid:83928103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065002)"; flow:established,from_client; content:"GET"; http_method; content:"/luckypatcher.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.seasidebeautyco.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065002/; classtype:trojan-activity;sid:83928102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065001)"; flow:established,from_client; content:"GET"; http_method; content:"/luckypatcher.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.seasidebeautyco.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065001/; classtype:trojan-activity;sid:83928101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3065000)"; flow:established,from_client; content:"GET"; http_method; content:"/luckypatcher.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"seasidebeautyco.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3065000/; classtype:trojan-activity;sid:83928100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064999)"; flow:established,from_client; content:"GET"; http_method; content:"/luckypatcher.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"seasidebeautyco.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064999/; classtype:trojan-activity;sid:83928099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.87.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064998/; classtype:trojan-activity;sid:83928098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.165.140.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064997/; classtype:trojan-activity;sid:83928097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.74.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064996/; classtype:trojan-activity;sid:83928096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.120.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064995/; classtype:trojan-activity;sid:83928095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.170.201.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064994/; classtype:trojan-activity;sid:83928094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064993/; classtype:trojan-activity;sid:83928093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.10.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064992/; classtype:trojan-activity;sid:83928092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064991/; classtype:trojan-activity;sid:83928091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.38.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064990/; classtype:trojan-activity;sid:83928090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.89.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064989/; classtype:trojan-activity;sid:83928089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.83.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064988/; classtype:trojan-activity;sid:83928088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064987/; classtype:trojan-activity;sid:83928087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.24.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064986/; classtype:trojan-activity;sid:83928086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.245.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064985/; classtype:trojan-activity;sid:83928085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.225.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064984/; classtype:trojan-activity;sid:83928084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.93.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064982/; classtype:trojan-activity;sid:83928082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.170.201.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064983/; classtype:trojan-activity;sid:83928083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.174.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064981/; classtype:trojan-activity;sid:83928081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.188.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064980/; classtype:trojan-activity;sid:83928080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064979/; classtype:trojan-activity;sid:83928079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064978/; classtype:trojan-activity;sid:83928078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064976/; classtype:trojan-activity;sid:83928076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064977/; classtype:trojan-activity;sid:83928077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.144.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064974/; classtype:trojan-activity;sid:83928074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064975/; classtype:trojan-activity;sid:83928075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.206.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064972/; classtype:trojan-activity;sid:83928072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.225.118.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064973/; classtype:trojan-activity;sid:83928073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.114.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064971/; classtype:trojan-activity;sid:83928071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.174.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064970/; classtype:trojan-activity;sid:83928070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.253.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064967/; classtype:trojan-activity;sid:83928067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.178.248.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064968/; classtype:trojan-activity;sid:83928068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.141.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064969/; classtype:trojan-activity;sid:83928069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.71.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064966/; classtype:trojan-activity;sid:83928066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064965/; classtype:trojan-activity;sid:83928065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.214.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064964/; classtype:trojan-activity;sid:83928064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.96.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064963/; classtype:trojan-activity;sid:83928063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.86.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064962/; classtype:trojan-activity;sid:83928062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.95.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064961/; classtype:trojan-activity;sid:83928061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.230.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064960/; classtype:trojan-activity;sid:83928060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064959/; classtype:trojan-activity;sid:83928059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064958/; classtype:trojan-activity;sid:83928058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064957/; classtype:trojan-activity;sid:83928057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.10.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064956/; classtype:trojan-activity;sid:83928056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064955/; classtype:trojan-activity;sid:83928055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064954/; classtype:trojan-activity;sid:83928054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064953/; classtype:trojan-activity;sid:83928053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.163.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064952/; classtype:trojan-activity;sid:83928052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064951/; classtype:trojan-activity;sid:83928051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064950)"; flow:established,from_client; content:"GET"; http_method; content:"/alpha.doc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"berkshirehathway.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064950/; classtype:trojan-activity;sid:83928050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.236.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064949/; classtype:trojan-activity;sid:83928049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.198.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064948/; classtype:trojan-activity;sid:83928048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.201.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064947/; classtype:trojan-activity;sid:83928047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.210.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064945/; classtype:trojan-activity;sid:83928045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.51.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064946/; classtype:trojan-activity;sid:83928046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064943)"; flow:established,from_client; content:"GET"; http_method; content:"/t2307w/csrss.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.173.143.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064943/; classtype:trojan-activity;sid:83928043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064944)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/mnu/gdfc.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"192.3.118.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064944/; classtype:trojan-activity;sid:83928044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.165.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064942/; classtype:trojan-activity;sid:83928042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.158.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064940/; classtype:trojan-activity;sid:83928040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.248.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064938/; classtype:trojan-activity;sid:83928038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.67.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064937/; classtype:trojan-activity;sid:83928037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.71.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064935/; classtype:trojan-activity;sid:83928035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.113.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064936/; classtype:trojan-activity;sid:83928036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064934)"; flow:established,from_client; content:"GET"; http_method; content:"/44/winiti.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"172.234.216.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064934/; classtype:trojan-activity;sid:83928034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064933)"; flow:established,from_client; content:"GET"; http_method; content:"/duk.doc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"berkshirehathway.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064933/; classtype:trojan-activity;sid:83928033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.214.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064932/; classtype:trojan-activity;sid:83928032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.74.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064930/; classtype:trojan-activity;sid:83928030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.250.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064929/; classtype:trojan-activity;sid:83928029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064928/; classtype:trojan-activity;sid:83928028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.162.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064925/; classtype:trojan-activity;sid:83928025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.6.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064926/; classtype:trojan-activity;sid:83928026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064927/; classtype:trojan-activity;sid:83928027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064923/; classtype:trojan-activity;sid:83928023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064924/; classtype:trojan-activity;sid:83928024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.39.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064922/; classtype:trojan-activity;sid:83928022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064921/; classtype:trojan-activity;sid:83928021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064920/; classtype:trojan-activity;sid:83928020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.194.107.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064919/; classtype:trojan-activity;sid:83928019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064918/; classtype:trojan-activity;sid:83928018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.239.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064917/; classtype:trojan-activity;sid:83928017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.47.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064916/; classtype:trojan-activity;sid:83928016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064915/; classtype:trojan-activity;sid:83928015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.170.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064913/; classtype:trojan-activity;sid:83928013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.253.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064914/; classtype:trojan-activity;sid:83928014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.216.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064912/; classtype:trojan-activity;sid:83928012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064910/; classtype:trojan-activity;sid:83928010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064911/; classtype:trojan-activity;sid:83928011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064908/; classtype:trojan-activity;sid:83928008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.146.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064909/; classtype:trojan-activity;sid:83928009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.222.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064906/; classtype:trojan-activity;sid:83928006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064907/; classtype:trojan-activity;sid:83928007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.176.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064903/; classtype:trojan-activity;sid:83928003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.155.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064904/; classtype:trojan-activity;sid:83928004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.165.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064905/; classtype:trojan-activity;sid:83928005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.238.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064902/; classtype:trojan-activity;sid:83928002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064901/; classtype:trojan-activity;sid:83928001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.22.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064900/; classtype:trojan-activity;sid:83928000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.130.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064899/; classtype:trojan-activity;sid:83927999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.75.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064898/; classtype:trojan-activity;sid:83927998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.220.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064897/; classtype:trojan-activity;sid:83927997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.27.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064896/; classtype:trojan-activity;sid:83927996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.129.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064895/; classtype:trojan-activity;sid:83927995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.7.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064894/; classtype:trojan-activity;sid:83927994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.239.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064893/; classtype:trojan-activity;sid:83927993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.21.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064892/; classtype:trojan-activity;sid:83927992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064891/; classtype:trojan-activity;sid:83927991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.65.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064890/; classtype:trojan-activity;sid:83927990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064889/; classtype:trojan-activity;sid:83927989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.253.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064888/; classtype:trojan-activity;sid:83927988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064887/; classtype:trojan-activity;sid:83927987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.145.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064886/; classtype:trojan-activity;sid:83927986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.211.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064885/; classtype:trojan-activity;sid:83927985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064884/; classtype:trojan-activity;sid:83927984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.118.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064882/; classtype:trojan-activity;sid:83927982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064883/; classtype:trojan-activity;sid:83927983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064881/; classtype:trojan-activity;sid:83927981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064880/; classtype:trojan-activity;sid:83927980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.45.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064879/; classtype:trojan-activity;sid:83927979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064878/; classtype:trojan-activity;sid:83927978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.90.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064877/; classtype:trojan-activity;sid:83927977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.130.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064876/; classtype:trojan-activity;sid:83927976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.99.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064875/; classtype:trojan-activity;sid:83927975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.147.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064874/; classtype:trojan-activity;sid:83927974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.110.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064873/; classtype:trojan-activity;sid:83927973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.80.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064872/; classtype:trojan-activity;sid:83927972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.155.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064871/; classtype:trojan-activity;sid:83927971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.225.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064869/; classtype:trojan-activity;sid:83927969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.135.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064870/; classtype:trojan-activity;sid:83927970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064868/; classtype:trojan-activity;sid:83927968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.176.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064867/; classtype:trojan-activity;sid:83927967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064866/; classtype:trojan-activity;sid:83927966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.222.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064865/; classtype:trojan-activity;sid:83927965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.27.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064864/; classtype:trojan-activity;sid:83927964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.7.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064862/; classtype:trojan-activity;sid:83927962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.86.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064863/; classtype:trojan-activity;sid:83927963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.248.82.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064861/; classtype:trojan-activity;sid:83927961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.180.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064860/; classtype:trojan-activity;sid:83927960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.255.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064859/; classtype:trojan-activity;sid:83927959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.7.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064858/; classtype:trojan-activity;sid:83927958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.164.195.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064856/; classtype:trojan-activity;sid:83927956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.93.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064857/; classtype:trojan-activity;sid:83927957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.51.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064855/; classtype:trojan-activity;sid:83927955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.83.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064854/; classtype:trojan-activity;sid:83927954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.59.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064853/; classtype:trojan-activity;sid:83927953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.22.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064852/; classtype:trojan-activity;sid:83927952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.184.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064851/; classtype:trojan-activity;sid:83927951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064850/; classtype:trojan-activity;sid:83927950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.145.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064849/; classtype:trojan-activity;sid:83927949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064848/; classtype:trojan-activity;sid:83927948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.65.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064847/; classtype:trojan-activity;sid:83927947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.41.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064845/; classtype:trojan-activity;sid:83927945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.162.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064846/; classtype:trojan-activity;sid:83927946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.143.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064844/; classtype:trojan-activity;sid:83927944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.12.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064843/; classtype:trojan-activity;sid:83927943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.152.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064842/; classtype:trojan-activity;sid:83927942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.9.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064841/; classtype:trojan-activity;sid:83927941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.165.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064840/; classtype:trojan-activity;sid:83927940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.43.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064839/; classtype:trojan-activity;sid:83927939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.162.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064838/; classtype:trojan-activity;sid:83927938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064837/; classtype:trojan-activity;sid:83927937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064836/; classtype:trojan-activity;sid:83927936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.245.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064835/; classtype:trojan-activity;sid:83927935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064834/; classtype:trojan-activity;sid:83927934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.71.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064832/; classtype:trojan-activity;sid:83927932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.216.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064833/; classtype:trojan-activity;sid:83927933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.147.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064831/; classtype:trojan-activity;sid:83927931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.225.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064830/; classtype:trojan-activity;sid:83927930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.162.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064829/; classtype:trojan-activity;sid:83927929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.86.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064828/; classtype:trojan-activity;sid:83927928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.180.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064827/; classtype:trojan-activity;sid:83927927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.7.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064826/; classtype:trojan-activity;sid:83927926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.67.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064825/; classtype:trojan-activity;sid:83927925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.128.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064824/; classtype:trojan-activity;sid:83927924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.222.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064822/; classtype:trojan-activity;sid:83927922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.89.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064823/; classtype:trojan-activity;sid:83927923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.150.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064821/; classtype:trojan-activity;sid:83927921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064819/; classtype:trojan-activity;sid:83927919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.12.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064820/; classtype:trojan-activity;sid:83927920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.73.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064818/; classtype:trojan-activity;sid:83927918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064817/; classtype:trojan-activity;sid:83927917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064816/; classtype:trojan-activity;sid:83927916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.5.168"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064815/; classtype:trojan-activity;sid:83927915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.91.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064814/; classtype:trojan-activity;sid:83927914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064812/; classtype:trojan-activity;sid:83927912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.182.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064813/; classtype:trojan-activity;sid:83927913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.201.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064811/; classtype:trojan-activity;sid:83927911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.152.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064810/; classtype:trojan-activity;sid:83927910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.165.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064809/; classtype:trojan-activity;sid:83927909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064808/; classtype:trojan-activity;sid:83927908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.53.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064807/; classtype:trojan-activity;sid:83927907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064806/; classtype:trojan-activity;sid:83927906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064805/; classtype:trojan-activity;sid:83927905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064804/; classtype:trojan-activity;sid:83927904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064803/; classtype:trojan-activity;sid:83927903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064801/; classtype:trojan-activity;sid:83927901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.22.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064802/; classtype:trojan-activity;sid:83927902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.252.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064800/; classtype:trojan-activity;sid:83927900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064799/; classtype:trojan-activity;sid:83927899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064798/; classtype:trojan-activity;sid:83927898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.243.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064796/; classtype:trojan-activity;sid:83927896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.224.217.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064797/; classtype:trojan-activity;sid:83927897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064795/; classtype:trojan-activity;sid:83927895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.7.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064794/; classtype:trojan-activity;sid:83927894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.67.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064793/; classtype:trojan-activity;sid:83927893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.66.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064792/; classtype:trojan-activity;sid:83927892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064791/; classtype:trojan-activity;sid:83927891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.248.82.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064790/; classtype:trojan-activity;sid:83927890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.12.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064789/; classtype:trojan-activity;sid:83927889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064788/; classtype:trojan-activity;sid:83927888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.222.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064786/; classtype:trojan-activity;sid:83927886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.128.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064787/; classtype:trojan-activity;sid:83927887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.171.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064785/; classtype:trojan-activity;sid:83927885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064784/; classtype:trojan-activity;sid:83927884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.196.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064781/; classtype:trojan-activity;sid:83927881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.65.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064782/; classtype:trojan-activity;sid:83927882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.2.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064783/; classtype:trojan-activity;sid:83927883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.33.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064780/; classtype:trojan-activity;sid:83927880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064779/; classtype:trojan-activity;sid:83927879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064778/; classtype:trojan-activity;sid:83927878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.149.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064777/; classtype:trojan-activity;sid:83927877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064776/; classtype:trojan-activity;sid:83927876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.130.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064775/; classtype:trojan-activity;sid:83927875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.162.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064774/; classtype:trojan-activity;sid:83927874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064773/; classtype:trojan-activity;sid:83927873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.23.152"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064772/; classtype:trojan-activity;sid:83927872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.252.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064771/; classtype:trojan-activity;sid:83927871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064770/; classtype:trojan-activity;sid:83927870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064769/; classtype:trojan-activity;sid:83927869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.97.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064768/; classtype:trojan-activity;sid:83927868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064767/; classtype:trojan-activity;sid:83927867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.25.72.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064766/; classtype:trojan-activity;sid:83927866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.120.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064764/; classtype:trojan-activity;sid:83927864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064765/; classtype:trojan-activity;sid:83927865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064763/; classtype:trojan-activity;sid:83927863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064761/; classtype:trojan-activity;sid:83927861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.111.75.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064762/; classtype:trojan-activity;sid:83927862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.226.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064758/; classtype:trojan-activity;sid:83927858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.187.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064759/; classtype:trojan-activity;sid:83927859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064760/; classtype:trojan-activity;sid:83927860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.230.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064757/; classtype:trojan-activity;sid:83927857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.88.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064756/; classtype:trojan-activity;sid:83927856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.248.127.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064755/; classtype:trojan-activity;sid:83927855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.243.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064754/; classtype:trojan-activity;sid:83927854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064753/; classtype:trojan-activity;sid:83927853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.152.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064752/; classtype:trojan-activity;sid:83927852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.24.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064751/; classtype:trojan-activity;sid:83927851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064750/; classtype:trojan-activity;sid:83927850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.120.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064749/; classtype:trojan-activity;sid:83927849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064748)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/onedrive.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064748/; classtype:trojan-activity;sid:83927848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.200.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064747/; classtype:trojan-activity;sid:83927847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.68.162.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064746/; classtype:trojan-activity;sid:83927846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.81.87.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064745/; classtype:trojan-activity;sid:83927845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064744/; classtype:trojan-activity;sid:83927844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.54.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064743/; classtype:trojan-activity;sid:83927843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.224.217.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064742/; classtype:trojan-activity;sid:83927842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.147.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064741/; classtype:trojan-activity;sid:83927841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.246.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064740/; classtype:trojan-activity;sid:83927840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.92.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064738/; classtype:trojan-activity;sid:83927838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.92.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064739/; classtype:trojan-activity;sid:83927839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.176.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064737/; classtype:trojan-activity;sid:83927837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.158.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064735/; classtype:trojan-activity;sid:83927835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064736/; classtype:trojan-activity;sid:83927836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.128.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064734/; classtype:trojan-activity;sid:83927834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.9.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064731/; classtype:trojan-activity;sid:83927831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.169.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064732/; classtype:trojan-activity;sid:83927832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.26.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064733/; classtype:trojan-activity;sid:83927833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.173.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064730/; classtype:trojan-activity;sid:83927830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064729/; classtype:trojan-activity;sid:83927829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.40.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064728/; classtype:trojan-activity;sid:83927828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.198.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064727/; classtype:trojan-activity;sid:83927827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.201.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064726/; classtype:trojan-activity;sid:83927826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.19.69.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064725/; classtype:trojan-activity;sid:83927825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064722/; classtype:trojan-activity;sid:83927822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.50.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064723/; classtype:trojan-activity;sid:83927823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.209.250.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064724/; classtype:trojan-activity;sid:83927824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.49.102.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064721/; classtype:trojan-activity;sid:83927821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064720/; classtype:trojan-activity;sid:83927820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.215.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064719/; classtype:trojan-activity;sid:83927819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.97.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064718/; classtype:trojan-activity;sid:83927818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.9.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064717/; classtype:trojan-activity;sid:83927817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.141.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064716/; classtype:trojan-activity;sid:83927816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.23.152"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064715/; classtype:trojan-activity;sid:83927815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064714/; classtype:trojan-activity;sid:83927814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.248.127.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064713/; classtype:trojan-activity;sid:83927813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.106.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064712/; classtype:trojan-activity;sid:83927812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064710/; classtype:trojan-activity;sid:83927810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.212.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064711/; classtype:trojan-activity;sid:83927811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064709/; classtype:trojan-activity;sid:83927809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064708/; classtype:trojan-activity;sid:83927808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064707/; classtype:trojan-activity;sid:83927807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.13.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064706/; classtype:trojan-activity;sid:83927806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.162.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064705/; classtype:trojan-activity;sid:83927805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.159.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064704/; classtype:trojan-activity;sid:83927804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.55.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064703/; classtype:trojan-activity;sid:83927803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.239.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064702/; classtype:trojan-activity;sid:83927802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.24.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064701/; classtype:trojan-activity;sid:83927801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.144.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064700/; classtype:trojan-activity;sid:83927800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.183.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064699/; classtype:trojan-activity;sid:83927799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.54.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064698/; classtype:trojan-activity;sid:83927798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064697/; classtype:trojan-activity;sid:83927797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.9.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064696/; classtype:trojan-activity;sid:83927796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.55.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064694/; classtype:trojan-activity;sid:83927794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.48.29.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064695/; classtype:trojan-activity;sid:83927795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.164.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064693/; classtype:trojan-activity;sid:83927793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.92.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064692/; classtype:trojan-activity;sid:83927792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.17.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064690/; classtype:trojan-activity;sid:83927790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064691/; classtype:trojan-activity;sid:83927791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.246.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064689/; classtype:trojan-activity;sid:83927789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064688/; classtype:trojan-activity;sid:83927788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.169.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064687/; classtype:trojan-activity;sid:83927787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.173.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064686/; classtype:trojan-activity;sid:83927786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.198.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064685/; classtype:trojan-activity;sid:83927785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.215.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064684/; classtype:trojan-activity;sid:83927784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.209.250.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064683/; classtype:trojan-activity;sid:83927783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.208.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064682/; classtype:trojan-activity;sid:83927782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.125.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064681/; classtype:trojan-activity;sid:83927781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.32.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064680/; classtype:trojan-activity;sid:83927780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064679/; classtype:trojan-activity;sid:83927779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064678/; classtype:trojan-activity;sid:83927778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.226.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064676/; classtype:trojan-activity;sid:83927776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.39.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064677/; classtype:trojan-activity;sid:83927777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.113.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064675/; classtype:trojan-activity;sid:83927775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064674/; classtype:trojan-activity;sid:83927774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064673/; classtype:trojan-activity;sid:83927773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064672/; classtype:trojan-activity;sid:83927772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064671/; classtype:trojan-activity;sid:83927771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.29.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064670/; classtype:trojan-activity;sid:83927770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.152.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064669/; classtype:trojan-activity;sid:83927769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.77.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064667/; classtype:trojan-activity;sid:83927767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.13.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064668/; classtype:trojan-activity;sid:83927768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064666/; classtype:trojan-activity;sid:83927766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.121.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064665/; classtype:trojan-activity;sid:83927765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.35.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064664/; classtype:trojan-activity;sid:83927764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.13.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064663/; classtype:trojan-activity;sid:83927763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.152.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064662/; classtype:trojan-activity;sid:83927762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064661/; classtype:trojan-activity;sid:83927761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.183.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064659/; classtype:trojan-activity;sid:83927759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.9.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064660/; classtype:trojan-activity;sid:83927760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.57.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064658/; classtype:trojan-activity;sid:83927758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.253.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064657/; classtype:trojan-activity;sid:83927757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.2.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064656/; classtype:trojan-activity;sid:83927756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.17.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064655/; classtype:trojan-activity;sid:83927755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.250.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064654/; classtype:trojan-activity;sid:83927754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.67.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064653/; classtype:trojan-activity;sid:83927753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.218.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064652/; classtype:trojan-activity;sid:83927752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.169.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064651/; classtype:trojan-activity;sid:83927751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064650/; classtype:trojan-activity;sid:83927750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.245.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064649/; classtype:trojan-activity;sid:83927749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064647/; classtype:trojan-activity;sid:83927747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.26.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064648/; classtype:trojan-activity;sid:83927748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064646/; classtype:trojan-activity;sid:83927746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064645/; classtype:trojan-activity;sid:83927745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.70.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064644/; classtype:trojan-activity;sid:83927744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064643/; classtype:trojan-activity;sid:83927743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.215.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064642/; classtype:trojan-activity;sid:83927742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.226.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064641/; classtype:trojan-activity;sid:83927741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.75.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064640/; classtype:trojan-activity;sid:83927740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.92.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064639/; classtype:trojan-activity;sid:83927739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.176.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064638/; classtype:trojan-activity;sid:83927738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.113.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064637/; classtype:trojan-activity;sid:83927737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.195.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064636/; classtype:trojan-activity;sid:83927736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.212.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064635/; classtype:trojan-activity;sid:83927735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064634/; classtype:trojan-activity;sid:83927734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.67.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064633/; classtype:trojan-activity;sid:83927733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064632/; classtype:trojan-activity;sid:83927732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.36.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064631/; classtype:trojan-activity;sid:83927731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.135.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064630/; classtype:trojan-activity;sid:83927730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064629/; classtype:trojan-activity;sid:83927729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.208.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064628/; classtype:trojan-activity;sid:83927728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.232.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064626/; classtype:trojan-activity;sid:83927726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.247.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064627/; classtype:trojan-activity;sid:83927727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.103.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064624/; classtype:trojan-activity;sid:83927724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.13.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064625/; classtype:trojan-activity;sid:83927725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.2.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064623/; classtype:trojan-activity;sid:83927723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.29.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064622/; classtype:trojan-activity;sid:83927722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.84.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064621/; classtype:trojan-activity;sid:83927721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064620)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/lobo.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064620/; classtype:trojan-activity;sid:83927720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.142.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064619/; classtype:trojan-activity;sid:83927719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.32.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064618/; classtype:trojan-activity;sid:83927718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.197.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064617/; classtype:trojan-activity;sid:83927717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064616/; classtype:trojan-activity;sid:83927716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.248.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064615/; classtype:trojan-activity;sid:83927715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.142.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064614/; classtype:trojan-activity;sid:83927714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.44.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064613/; classtype:trojan-activity;sid:83927713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.149.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064612/; classtype:trojan-activity;sid:83927712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.70.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064611/; classtype:trojan-activity;sid:83927711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.50.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064610/; classtype:trojan-activity;sid:83927710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.199.110.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064609/; classtype:trojan-activity;sid:83927709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.109.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064608/; classtype:trojan-activity;sid:83927708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064607/; classtype:trojan-activity;sid:83927707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.18.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064606/; classtype:trojan-activity;sid:83927706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064605/; classtype:trojan-activity;sid:83927705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064604/; classtype:trojan-activity;sid:83927704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.21.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064603/; classtype:trojan-activity;sid:83927703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.80.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064602/; classtype:trojan-activity;sid:83927702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.181.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064601/; classtype:trojan-activity;sid:83927701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064600/; classtype:trojan-activity;sid:83927700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.67.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064599/; classtype:trojan-activity;sid:83927699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064598)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/883251305496317956/1265247046185779231/plgo.txt|3f|ex=66a0d0a2|7c|26|7c|is=669f7f22|7c|26|7c|hm=5bcedc02ce3cb37a1005b429d23216580c42607833cb487bab4a4e2bf50bbfec"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064598/; classtype:trojan-activity;sid:83927698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.163.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064597/; classtype:trojan-activity;sid:83927697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064596/; classtype:trojan-activity;sid:83927696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.103.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064595/; classtype:trojan-activity;sid:83927695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064594)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4dcsc0uk/paste1.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pastecode.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064594/; classtype:trojan-activity;sid:83927694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.24.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064593/; classtype:trojan-activity;sid:83927693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.208.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064592/; classtype:trojan-activity;sid:83927692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.6.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064591/; classtype:trojan-activity;sid:83927691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.123.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064589/; classtype:trojan-activity;sid:83927689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064590/; classtype:trojan-activity;sid:83927690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064588/; classtype:trojan-activity;sid:83927688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.247.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064587/; classtype:trojan-activity;sid:83927687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064586/; classtype:trojan-activity;sid:83927686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064585/; classtype:trojan-activity;sid:83927685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064584/; classtype:trojan-activity;sid:83927684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064583)"; flow:established,from_client; content:"GET"; http_method; content:"/wrcbyaz24.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.246.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064583/; classtype:trojan-activity;sid:83927683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064582/; classtype:trojan-activity;sid:83927682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.164.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064581/; classtype:trojan-activity;sid:83927681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.221.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064580/; classtype:trojan-activity;sid:83927680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064579/; classtype:trojan-activity;sid:83927679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.223.143.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064578/; classtype:trojan-activity;sid:83927678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.58.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064577/; classtype:trojan-activity;sid:83927677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.19.69.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064576/; classtype:trojan-activity;sid:83927676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.39.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064575/; classtype:trojan-activity;sid:83927675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.29.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064574/; classtype:trojan-activity;sid:83927674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.1.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064573/; classtype:trojan-activity;sid:83927673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064572/; classtype:trojan-activity;sid:83927672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.162.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064571/; classtype:trojan-activity;sid:83927671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.218.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064570/; classtype:trojan-activity;sid:83927670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064567/; classtype:trojan-activity;sid:83927667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.180.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064568/; classtype:trojan-activity;sid:83927668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.197.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064569/; classtype:trojan-activity;sid:83927669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064566/; classtype:trojan-activity;sid:83927666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.223.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064565/; classtype:trojan-activity;sid:83927665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064563/; classtype:trojan-activity;sid:83927663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064564/; classtype:trojan-activity;sid:83927664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064562/; classtype:trojan-activity;sid:83927662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.181.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064560/; classtype:trojan-activity;sid:83927660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.215.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064561/; classtype:trojan-activity;sid:83927661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064559/; classtype:trojan-activity;sid:83927659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.109.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064558/; classtype:trojan-activity;sid:83927658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.80.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064557/; classtype:trojan-activity;sid:83927657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.42.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064556/; classtype:trojan-activity;sid:83927656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.249.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064555/; classtype:trojan-activity;sid:83927655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.213.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064553/; classtype:trojan-activity;sid:83927653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.85.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064554/; classtype:trojan-activity;sid:83927654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.116.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064551/; classtype:trojan-activity;sid:83927651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064552/; classtype:trojan-activity;sid:83927652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.234.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064549/; classtype:trojan-activity;sid:83927649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.36.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064550/; classtype:trojan-activity;sid:83927650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064544)"; flow:established,from_client; content:"GET"; http_method; content:"/update/office365crowndstrike.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"crowndstrikeoffice365.blob.core.windows.net"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064544/; classtype:trojan-activity;sid:83927644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064545)"; flow:established,from_client; content:"GET"; http_method; content:"/faile/msoffice365update.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"office365updatter.blob.core.windows.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064545/; classtype:trojan-activity;sid:83927645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064546)"; flow:established,from_client; content:"GET"; http_method; content:"/portal/msoffice365update.rar"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"systemwidowsupdate.blob.core.windows.net"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064546/; classtype:trojan-activity;sid:83927646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064547)"; flow:established,from_client; content:"GET"; http_method; content:"/safe/office365crowndstrike.rar"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"msoffice365updater.blob.core.windows.net"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064547/; classtype:trojan-activity;sid:83927647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064548)"; flow:established,from_client; content:"GET"; http_method; content:"/local/widowssystem-update.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"updatemsoffice365.blob.core.windows.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064548/; classtype:trojan-activity;sid:83927648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064542)"; flow:established,from_client; content:"GET"; http_method; content:"/bolt/msoffice365update.msi"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"updatemsoffice.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064542/; classtype:trojan-activity;sid:83927642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064543)"; flow:established,from_client; content:"GET"; http_method; content:"/overview/office365crowndstrike.msi"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"msofflce365ypdate.blob.core.windows.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064543/; classtype:trojan-activity;sid:83927643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.86.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064541/; classtype:trojan-activity;sid:83927641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064540/; classtype:trojan-activity;sid:83927640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.140.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064539/; classtype:trojan-activity;sid:83927639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.226.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064538/; classtype:trojan-activity;sid:83927638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.71.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064536/; classtype:trojan-activity;sid:83927636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.162.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064537/; classtype:trojan-activity;sid:83927637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.4.183.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064535/; classtype:trojan-activity;sid:83927635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.150.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064534/; classtype:trojan-activity;sid:83927634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.24.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064533/; classtype:trojan-activity;sid:83927633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064532/; classtype:trojan-activity;sid:83927632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.168.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064531/; classtype:trojan-activity;sid:83927631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.164.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064530/; classtype:trojan-activity;sid:83927630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.54.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064529/; classtype:trojan-activity;sid:83927629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.223.143.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064528/; classtype:trojan-activity;sid:83927628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.67.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064527/; classtype:trojan-activity;sid:83927627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064526/; classtype:trojan-activity;sid:83927626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.163.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064525/; classtype:trojan-activity;sid:83927625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.100.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064523/; classtype:trojan-activity;sid:83927623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064524/; classtype:trojan-activity;sid:83927624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.30.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064522/; classtype:trojan-activity;sid:83927622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.104.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064521/; classtype:trojan-activity;sid:83927621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064520/; classtype:trojan-activity;sid:83927620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064519/; classtype:trojan-activity;sid:83927619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.26.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064518/; classtype:trojan-activity;sid:83927618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.195.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064517/; classtype:trojan-activity;sid:83927617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.197.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064516/; classtype:trojan-activity;sid:83927616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.88.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064515/; classtype:trojan-activity;sid:83927615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064514/; classtype:trojan-activity;sid:83927614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064513/; classtype:trojan-activity;sid:83927613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.78.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064512/; classtype:trojan-activity;sid:83927612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.174.155.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064510/; classtype:trojan-activity;sid:83927610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.174.155.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064511/; classtype:trojan-activity;sid:83927611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.220.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064509/; classtype:trojan-activity;sid:83927609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064508)"; flow:established,from_client; content:"GET"; http_method; content:"/oonneseevenfiiveeefillz.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"104.243.47.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064508/; classtype:trojan-activity;sid:83927608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064507)"; flow:established,from_client; content:"GET"; http_method; content:"/oonneseevenfiiveeefillz.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"104.243.47.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064507/; classtype:trojan-activity;sid:83927607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.49.102.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064505/; classtype:trojan-activity;sid:83927605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.116.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064506/; classtype:trojan-activity;sid:83927606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.234.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064504/; classtype:trojan-activity;sid:83927604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064503/; classtype:trojan-activity;sid:83927603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064502/; classtype:trojan-activity;sid:83927602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064501/; classtype:trojan-activity;sid:83927601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064500/; classtype:trojan-activity;sid:83927600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.9.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064499/; classtype:trojan-activity;sid:83927599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064498/; classtype:trojan-activity;sid:83927598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.64.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064497/; classtype:trojan-activity;sid:83927597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.32.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064496/; classtype:trojan-activity;sid:83927596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.166.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064495/; classtype:trojan-activity;sid:83927595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.181.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064493/; classtype:trojan-activity;sid:83927593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.52.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064494/; classtype:trojan-activity;sid:83927594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.99.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064491/; classtype:trojan-activity;sid:83927591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064492/; classtype:trojan-activity;sid:83927592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.118.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064486/; classtype:trojan-activity;sid:83927586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.98.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064487/; classtype:trojan-activity;sid:83927587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.164.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064488/; classtype:trojan-activity;sid:83927588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.56.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064489/; classtype:trojan-activity;sid:83927589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.86.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064490/; classtype:trojan-activity;sid:83927590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.197.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064485/; classtype:trojan-activity;sid:83927585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064483/; classtype:trojan-activity;sid:83927583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064484/; classtype:trojan-activity;sid:83927584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064482/; classtype:trojan-activity;sid:83927582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064480/; classtype:trojan-activity;sid:83927580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.80.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064481/; classtype:trojan-activity;sid:83927581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.52.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064479/; classtype:trojan-activity;sid:83927579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.202.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064478/; classtype:trojan-activity;sid:83927578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064477/; classtype:trojan-activity;sid:83927577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.216.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064476/; classtype:trojan-activity;sid:83927576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.253.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064474/; classtype:trojan-activity;sid:83927574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064475/; classtype:trojan-activity;sid:83927575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.172.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064472/; classtype:trojan-activity;sid:83927572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.150.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064473/; classtype:trojan-activity;sid:83927573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.85.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064471/; classtype:trojan-activity;sid:83927571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.1.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064470/; classtype:trojan-activity;sid:83927570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.73.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064469/; classtype:trojan-activity;sid:83927569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.77.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064468/; classtype:trojan-activity;sid:83927568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.4.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064467/; classtype:trojan-activity;sid:83927567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.50.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064465/; classtype:trojan-activity;sid:83927565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.168.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064466/; classtype:trojan-activity;sid:83927566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.149.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064464/; classtype:trojan-activity;sid:83927564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.119.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064463/; classtype:trojan-activity;sid:83927563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.130.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064462/; classtype:trojan-activity;sid:83927562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.10.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064459/; classtype:trojan-activity;sid:83927559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.88.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064460/; classtype:trojan-activity;sid:83927560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064461/; classtype:trojan-activity;sid:83927561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.57.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064458/; classtype:trojan-activity;sid:83927558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.96.25.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064456/; classtype:trojan-activity;sid:83927556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.100.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064457/; classtype:trojan-activity;sid:83927557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064455/; classtype:trojan-activity;sid:83927555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.165.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064453/; classtype:trojan-activity;sid:83927553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064454/; classtype:trojan-activity;sid:83927554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.150.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064452/; classtype:trojan-activity;sid:83927552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.2.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064450/; classtype:trojan-activity;sid:83927550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.242.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064451/; classtype:trojan-activity;sid:83927551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.25.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064449/; classtype:trojan-activity;sid:83927549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.26.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064448/; classtype:trojan-activity;sid:83927548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064447/; classtype:trojan-activity;sid:83927547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.116.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064445/; classtype:trojan-activity;sid:83927545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.183.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064446/; classtype:trojan-activity;sid:83927546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.202.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064444/; classtype:trojan-activity;sid:83927544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.41.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064443/; classtype:trojan-activity;sid:83927543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.25.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064442/; classtype:trojan-activity;sid:83927542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064441/; classtype:trojan-activity;sid:83927541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064437/; classtype:trojan-activity;sid:83927537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.52.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064438/; classtype:trojan-activity;sid:83927538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.78.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064439/; classtype:trojan-activity;sid:83927539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064440/; classtype:trojan-activity;sid:83927540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.172.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064436/; classtype:trojan-activity;sid:83927536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.85.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064434/; classtype:trojan-activity;sid:83927534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.165.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064435/; classtype:trojan-activity;sid:83927535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.69.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064433/; classtype:trojan-activity;sid:83927533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.173.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064432/; classtype:trojan-activity;sid:83927532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.71"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064431/; classtype:trojan-activity;sid:83927531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064430/; classtype:trojan-activity;sid:83927530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.50.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064429/; classtype:trojan-activity;sid:83927529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.86.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064428/; classtype:trojan-activity;sid:83927528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.126.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064427/; classtype:trojan-activity;sid:83927527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064426/; classtype:trojan-activity;sid:83927526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.92.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064425/; classtype:trojan-activity;sid:83927525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.216.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064424/; classtype:trojan-activity;sid:83927524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064423/; classtype:trojan-activity;sid:83927523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.185.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064422/; classtype:trojan-activity;sid:83927522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.113.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064421/; classtype:trojan-activity;sid:83927521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.218.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064420/; classtype:trojan-activity;sid:83927520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064419/; classtype:trojan-activity;sid:83927519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.218.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064418/; classtype:trojan-activity;sid:83927518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.116.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064417/; classtype:trojan-activity;sid:83927517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.202.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064415/; classtype:trojan-activity;sid:83927515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.147.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064416/; classtype:trojan-activity;sid:83927516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.162.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064414/; classtype:trojan-activity;sid:83927514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.11.138"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064413/; classtype:trojan-activity;sid:83927513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.41.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064412/; classtype:trojan-activity;sid:83927512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.17.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064411/; classtype:trojan-activity;sid:83927511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064410)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mussangroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064410/; classtype:trojan-activity;sid:83927510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.183.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064409/; classtype:trojan-activity;sid:83927509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.100.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064408/; classtype:trojan-activity;sid:83927508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.197.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064407/; classtype:trojan-activity;sid:83927507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.194.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064405/; classtype:trojan-activity;sid:83927505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064406/; classtype:trojan-activity;sid:83927506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.165.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064404/; classtype:trojan-activity;sid:83927504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064403/; classtype:trojan-activity;sid:83927503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.173.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064402/; classtype:trojan-activity;sid:83927502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.249.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064401/; classtype:trojan-activity;sid:83927501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064400)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/authenticator.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064400/; classtype:trojan-activity;sid:83927500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064399)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.165.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064399/; classtype:trojan-activity;sid:83927499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.184.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064397/; classtype:trojan-activity;sid:83927497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.40.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064398/; classtype:trojan-activity;sid:83927498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.31.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064396/; classtype:trojan-activity;sid:83927496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.36.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064395/; classtype:trojan-activity;sid:83927495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.219.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064394/; classtype:trojan-activity;sid:83927494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.242.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064393/; classtype:trojan-activity;sid:83927493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.221.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064392/; classtype:trojan-activity;sid:83927492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.141.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064390/; classtype:trojan-activity;sid:83927490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.48.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064391/; classtype:trojan-activity;sid:83927491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.60.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064388/; classtype:trojan-activity;sid:83927488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.4.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064389/; classtype:trojan-activity;sid:83927489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.147.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064386/; classtype:trojan-activity;sid:83927486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.0.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064387/; classtype:trojan-activity;sid:83927487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.177.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064383/; classtype:trojan-activity;sid:83927483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064384/; classtype:trojan-activity;sid:83927484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064385/; classtype:trojan-activity;sid:83927485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064382/; classtype:trojan-activity;sid:83927482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.163.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064381/; classtype:trojan-activity;sid:83927481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064380/; classtype:trojan-activity;sid:83927480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.197.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064379/; classtype:trojan-activity;sid:83927479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.131.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064378/; classtype:trojan-activity;sid:83927478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.113.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064377/; classtype:trojan-activity;sid:83927477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064376/; classtype:trojan-activity;sid:83927476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.17.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064375/; classtype:trojan-activity;sid:83927475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.7.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064374/; classtype:trojan-activity;sid:83927474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.93.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064373/; classtype:trojan-activity;sid:83927473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064372/; classtype:trojan-activity;sid:83927472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064371/; classtype:trojan-activity;sid:83927471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064370/; classtype:trojan-activity;sid:83927470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.129.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064369/; classtype:trojan-activity;sid:83927469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.183.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064367/; classtype:trojan-activity;sid:83927467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.68.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064368/; classtype:trojan-activity;sid:83927468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.37.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064366/; classtype:trojan-activity;sid:83927466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064365/; classtype:trojan-activity;sid:83927465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.202.217.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064364/; classtype:trojan-activity;sid:83927464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.196.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064363/; classtype:trojan-activity;sid:83927463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.64.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064362/; classtype:trojan-activity;sid:83927462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.88.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064360/; classtype:trojan-activity;sid:83927460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.184.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064361/; classtype:trojan-activity;sid:83927461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064359/; classtype:trojan-activity;sid:83927459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064358/; classtype:trojan-activity;sid:83927458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.31.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064357/; classtype:trojan-activity;sid:83927457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.248.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064356/; classtype:trojan-activity;sid:83927456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.126.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064352/; classtype:trojan-activity;sid:83927452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.231.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064353/; classtype:trojan-activity;sid:83927453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.43.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064354/; classtype:trojan-activity;sid:83927454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.99.18.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064355/; classtype:trojan-activity;sid:83927455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.20.139.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064351/; classtype:trojan-activity;sid:83927451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.40.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064350/; classtype:trojan-activity;sid:83927450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.131.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064349/; classtype:trojan-activity;sid:83927449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.48.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064348/; classtype:trojan-activity;sid:83927448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.217.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064347/; classtype:trojan-activity;sid:83927447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.36.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064346/; classtype:trojan-activity;sid:83927446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064344)"; flow:established,from_client; content:"GET"; http_method; content:"/937/gcc/iamverysimplemanwhowanttobecomealoyalpersonbutnotknowwhyeverythingsoofargoingwrongway____unexpectedmovementhappeningaround.doc"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"46.183.222.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064344/; classtype:trojan-activity;sid:83927444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064345)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/bnc/bn/verygoodthingstobegreatadvancesystemtakecareofyourthingstobebackwithnewthingsgetback____________sweeetthingshappenegirl.doc"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"198.46.174.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064345/; classtype:trojan-activity;sid:83927445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.147.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064343/; classtype:trojan-activity;sid:83927443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.32.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064342/; classtype:trojan-activity;sid:83927442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.215.172.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064341/; classtype:trojan-activity;sid:83927441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.129.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064340/; classtype:trojan-activity;sid:83927440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064339/; classtype:trojan-activity;sid:83927439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.7.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064338/; classtype:trojan-activity;sid:83927438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064337/; classtype:trojan-activity;sid:83927437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.173.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064336/; classtype:trojan-activity;sid:83927436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.52.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064335/; classtype:trojan-activity;sid:83927435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.47.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064334/; classtype:trojan-activity;sid:83927434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.190.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064333/; classtype:trojan-activity;sid:83927433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064332/; classtype:trojan-activity;sid:83927432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064331/; classtype:trojan-activity;sid:83927431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.228.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064330/; classtype:trojan-activity;sid:83927430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064329)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.142.253.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064329/; classtype:trojan-activity;sid:83927429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064328/; classtype:trojan-activity;sid:83927428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064327/; classtype:trojan-activity;sid:83927427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.99.18.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064326/; classtype:trojan-activity;sid:83927426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.93.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064325/; classtype:trojan-activity;sid:83927425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064324/; classtype:trojan-activity;sid:83927424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064323/; classtype:trojan-activity;sid:83927423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.196.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064322/; classtype:trojan-activity;sid:83927422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064320/; classtype:trojan-activity;sid:83927420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.221.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064321/; classtype:trojan-activity;sid:83927421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.231.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064319/; classtype:trojan-activity;sid:83927419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.16.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064318/; classtype:trojan-activity;sid:83927418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.47.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064317/; classtype:trojan-activity;sid:83927417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064316/; classtype:trojan-activity;sid:83927416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.82.114.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064315/; classtype:trojan-activity;sid:83927415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.97.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064313/; classtype:trojan-activity;sid:83927413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064314/; classtype:trojan-activity;sid:83927414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.96.25.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064312/; classtype:trojan-activity;sid:83927412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.219.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064311/; classtype:trojan-activity;sid:83927411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.167.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064309/; classtype:trojan-activity;sid:83927409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064310/; classtype:trojan-activity;sid:83927410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.211.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064307/; classtype:trojan-activity;sid:83927407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.172.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064308/; classtype:trojan-activity;sid:83927408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.141.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064306/; classtype:trojan-activity;sid:83927406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.146.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064305/; classtype:trojan-activity;sid:83927405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.60.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064304/; classtype:trojan-activity;sid:83927404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.19.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064303/; classtype:trojan-activity;sid:83927403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.90.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064301/; classtype:trojan-activity;sid:83927401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.184.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064302/; classtype:trojan-activity;sid:83927402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.0.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064299/; classtype:trojan-activity;sid:83927399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064300/; classtype:trojan-activity;sid:83927400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.47.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064298/; classtype:trojan-activity;sid:83927398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.74.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064297/; classtype:trojan-activity;sid:83927397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.172.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064296/; classtype:trojan-activity;sid:83927396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.221.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064295/; classtype:trojan-activity;sid:83927395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064294/; classtype:trojan-activity;sid:83927394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.92.194.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064293/; classtype:trojan-activity;sid:83927393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.170.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064292/; classtype:trojan-activity;sid:83927392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.228.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064291/; classtype:trojan-activity;sid:83927391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.202.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064290/; classtype:trojan-activity;sid:83927390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064289/; classtype:trojan-activity;sid:83927389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.86.217"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064288/; classtype:trojan-activity;sid:83927388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064286/; classtype:trojan-activity;sid:83927386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064287/; classtype:trojan-activity;sid:83927387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.93.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064285/; classtype:trojan-activity;sid:83927385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.183.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064284/; classtype:trojan-activity;sid:83927384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.92.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064282/; classtype:trojan-activity;sid:83927382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.221.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064283/; classtype:trojan-activity;sid:83927383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.82.114.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064281/; classtype:trojan-activity;sid:83927381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.33.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064280/; classtype:trojan-activity;sid:83927380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064278/; classtype:trojan-activity;sid:83927378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.67.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064279/; classtype:trojan-activity;sid:83927379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.211.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064277/; classtype:trojan-activity;sid:83927377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.204.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064276/; classtype:trojan-activity;sid:83927376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.146.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064275/; classtype:trojan-activity;sid:83927375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064274/; classtype:trojan-activity;sid:83927374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064273/; classtype:trojan-activity;sid:83927373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064272/; classtype:trojan-activity;sid:83927372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064271/; classtype:trojan-activity;sid:83927371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.188.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064270/; classtype:trojan-activity;sid:83927370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.31.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064269/; classtype:trojan-activity;sid:83927369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064268/; classtype:trojan-activity;sid:83927368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.203.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064267/; classtype:trojan-activity;sid:83927367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.185.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064266/; classtype:trojan-activity;sid:83927366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.92.194.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064265/; classtype:trojan-activity;sid:83927365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064263/; classtype:trojan-activity;sid:83927363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.221.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064264/; classtype:trojan-activity;sid:83927364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.74.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064262/; classtype:trojan-activity;sid:83927362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064261/; classtype:trojan-activity;sid:83927361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064260/; classtype:trojan-activity;sid:83927360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064259/; classtype:trojan-activity;sid:83927359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.216.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064258/; classtype:trojan-activity;sid:83927358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064257/; classtype:trojan-activity;sid:83927357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.212.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064255/; classtype:trojan-activity;sid:83927355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064256/; classtype:trojan-activity;sid:83927356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.202.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064253/; classtype:trojan-activity;sid:83927353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064254/; classtype:trojan-activity;sid:83927354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.95.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064252/; classtype:trojan-activity;sid:83927352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.224.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064251/; classtype:trojan-activity;sid:83927351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.185.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064250/; classtype:trojan-activity;sid:83927350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.130.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064249/; classtype:trojan-activity;sid:83927349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.70.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064248/; classtype:trojan-activity;sid:83927348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.142.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064244/; classtype:trojan-activity;sid:83927344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.176.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064245/; classtype:trojan-activity;sid:83927345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.94.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064246/; classtype:trojan-activity;sid:83927346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.51.148.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064247/; classtype:trojan-activity;sid:83927347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.112.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064243/; classtype:trojan-activity;sid:83927343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.17.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064242/; classtype:trojan-activity;sid:83927342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.143.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064239/; classtype:trojan-activity;sid:83927339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064240/; classtype:trojan-activity;sid:83927340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.239.38.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064241/; classtype:trojan-activity;sid:83927341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.36.53.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064238/; classtype:trojan-activity;sid:83927338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.150.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064237/; classtype:trojan-activity;sid:83927337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.198.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064236/; classtype:trojan-activity;sid:83927336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.80.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064234/; classtype:trojan-activity;sid:83927334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064235/; classtype:trojan-activity;sid:83927335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.184.135.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064233/; classtype:trojan-activity;sid:83927333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.167.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064232/; classtype:trojan-activity;sid:83927332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.2.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064230/; classtype:trojan-activity;sid:83927330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064231/; classtype:trojan-activity;sid:83927331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.210.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064229/; classtype:trojan-activity;sid:83927329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.25.195"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064228/; classtype:trojan-activity;sid:83927328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064226/; classtype:trojan-activity;sid:83927326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.188.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064227/; classtype:trojan-activity;sid:83927327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.67.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064224/; classtype:trojan-activity;sid:83927324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.27.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064225/; classtype:trojan-activity;sid:83927325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.169.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064223/; classtype:trojan-activity;sid:83927323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.93.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064222/; classtype:trojan-activity;sid:83927322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.69.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064221/; classtype:trojan-activity;sid:83927321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.173.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064220/; classtype:trojan-activity;sid:83927320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.71.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064218/; classtype:trojan-activity;sid:83927318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.102.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064219/; classtype:trojan-activity;sid:83927319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.117.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064217/; classtype:trojan-activity;sid:83927317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.225.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064215/; classtype:trojan-activity;sid:83927315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.222.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064216/; classtype:trojan-activity;sid:83927316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.100.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064214/; classtype:trojan-activity;sid:83927314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.155.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064213/; classtype:trojan-activity;sid:83927313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.210.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064212/; classtype:trojan-activity;sid:83927312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.251.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064211/; classtype:trojan-activity;sid:83927311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.216.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064210/; classtype:trojan-activity;sid:83927310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.120.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064209/; classtype:trojan-activity;sid:83927309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.242.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064208/; classtype:trojan-activity;sid:83927308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064207/; classtype:trojan-activity;sid:83927307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064205/; classtype:trojan-activity;sid:83927305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064206/; classtype:trojan-activity;sid:83927306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064204/; classtype:trojan-activity;sid:83927304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.161.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064203/; classtype:trojan-activity;sid:83927303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.8.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064202/; classtype:trojan-activity;sid:83927302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.34.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064201/; classtype:trojan-activity;sid:83927301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.2.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064200/; classtype:trojan-activity;sid:83927300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.184.135.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064198/; classtype:trojan-activity;sid:83927298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064199/; classtype:trojan-activity;sid:83927299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064197/; classtype:trojan-activity;sid:83927297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064196/; classtype:trojan-activity;sid:83927296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.27.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064195/; classtype:trojan-activity;sid:83927295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.215.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064194/; classtype:trojan-activity;sid:83927294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064193/; classtype:trojan-activity;sid:83927293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.169.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064192/; classtype:trojan-activity;sid:83927292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.173.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064191/; classtype:trojan-activity;sid:83927291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.1.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064190/; classtype:trojan-activity;sid:83927290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.71.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064189/; classtype:trojan-activity;sid:83927289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.225.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064188/; classtype:trojan-activity;sid:83927288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.210.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064187/; classtype:trojan-activity;sid:83927287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.93.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064185/; classtype:trojan-activity;sid:83927285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.102.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064186/; classtype:trojan-activity;sid:83927286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.222.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064184/; classtype:trojan-activity;sid:83927284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.82.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064183/; classtype:trojan-activity;sid:83927283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.117.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064182/; classtype:trojan-activity;sid:83927282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.69.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064181/; classtype:trojan-activity;sid:83927281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064180/; classtype:trojan-activity;sid:83927280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064179/; classtype:trojan-activity;sid:83927279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.150.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064178/; classtype:trojan-activity;sid:83927278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.120.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064177/; classtype:trojan-activity;sid:83927277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064175/; classtype:trojan-activity;sid:83927275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064176/; classtype:trojan-activity;sid:83927276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.14.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064174/; classtype:trojan-activity;sid:83927274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.27.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064173/; classtype:trojan-activity;sid:83927273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.225.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064172/; classtype:trojan-activity;sid:83927272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.21.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064171/; classtype:trojan-activity;sid:83927271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.161.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064170/; classtype:trojan-activity;sid:83927270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.227.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064169/; classtype:trojan-activity;sid:83927269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.100.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064168/; classtype:trojan-activity;sid:83927268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.202.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064167/; classtype:trojan-activity;sid:83927267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.81.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064166/; classtype:trojan-activity;sid:83927266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.161.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064165/; classtype:trojan-activity;sid:83927265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.151.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064164/; classtype:trojan-activity;sid:83927264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.160.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064163/; classtype:trojan-activity;sid:83927263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.56.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064162/; classtype:trojan-activity;sid:83927262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064161/; classtype:trojan-activity;sid:83927261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064160/; classtype:trojan-activity;sid:83927260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064159/; classtype:trojan-activity;sid:83927259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.188.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064158/; classtype:trojan-activity;sid:83927258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064157/; classtype:trojan-activity;sid:83927257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064156/; classtype:trojan-activity;sid:83927256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.9.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064155/; classtype:trojan-activity;sid:83927255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064154/; classtype:trojan-activity;sid:83927254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.27.217.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064153/; classtype:trojan-activity;sid:83927253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.101.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064152/; classtype:trojan-activity;sid:83927252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.190.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064150/; classtype:trojan-activity;sid:83927250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.14.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064151/; classtype:trojan-activity;sid:83927251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.82.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064149/; classtype:trojan-activity;sid:83927249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.185.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064145/; classtype:trojan-activity;sid:83927245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.114.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064146/; classtype:trojan-activity;sid:83927246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.136.39.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064147/; classtype:trojan-activity;sid:83927247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.240.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064148/; classtype:trojan-activity;sid:83927248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.134.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064144/; classtype:trojan-activity;sid:83927244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.27.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064143/; classtype:trojan-activity;sid:83927243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.168.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064141/; classtype:trojan-activity;sid:83927241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.25.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064142/; classtype:trojan-activity;sid:83927242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.27.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064140/; classtype:trojan-activity;sid:83927240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.164.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064139/; classtype:trojan-activity;sid:83927239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.191.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064138/; classtype:trojan-activity;sid:83927238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.100.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064137/; classtype:trojan-activity;sid:83927237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064136/; classtype:trojan-activity;sid:83927236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.227.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064135/; classtype:trojan-activity;sid:83927235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.204.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064134/; classtype:trojan-activity;sid:83927234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.17.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064133/; classtype:trojan-activity;sid:83927233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.150.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064132/; classtype:trojan-activity;sid:83927232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.180.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064131/; classtype:trojan-activity;sid:83927231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.109.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064130/; classtype:trojan-activity;sid:83927230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064129/; classtype:trojan-activity;sid:83927229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064128/; classtype:trojan-activity;sid:83927228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064127/; classtype:trojan-activity;sid:83927227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.3.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064126/; classtype:trojan-activity;sid:83927226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.190.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064125/; classtype:trojan-activity;sid:83927225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.137.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064124/; classtype:trojan-activity;sid:83927224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.84.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064123/; classtype:trojan-activity;sid:83927223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.185.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064122/; classtype:trojan-activity;sid:83927222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064120/; classtype:trojan-activity;sid:83927220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064121/; classtype:trojan-activity;sid:83927221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.136.39.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064119/; classtype:trojan-activity;sid:83927219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.230.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064118/; classtype:trojan-activity;sid:83927218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064117/; classtype:trojan-activity;sid:83927217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.129.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064116/; classtype:trojan-activity;sid:83927216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064114/; classtype:trojan-activity;sid:83927214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.94.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064115/; classtype:trojan-activity;sid:83927215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.164.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064113/; classtype:trojan-activity;sid:83927213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064112/; classtype:trojan-activity;sid:83927212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.126.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064110/; classtype:trojan-activity;sid:83927210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.168.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064111/; classtype:trojan-activity;sid:83927211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064109/; classtype:trojan-activity;sid:83927209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.204.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064108/; classtype:trojan-activity;sid:83927208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.17.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064107/; classtype:trojan-activity;sid:83927207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.116.124.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064106/; classtype:trojan-activity;sid:83927206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.197.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064105/; classtype:trojan-activity;sid:83927205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.180.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064104/; classtype:trojan-activity;sid:83927204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064103)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"15.235.61.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064103/; classtype:trojan-activity;sid:83927203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064102)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"15.235.61.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064102/; classtype:trojan-activity;sid:83927202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064099)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/eg2ggyha/paste1.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pastecode.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064099/; classtype:trojan-activity;sid:83927199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064100)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/npveesj8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064100/; classtype:trojan-activity;sid:83927200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064101)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gk5zdwdg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064101/; classtype:trojan-activity;sid:83927201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064096)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j7x7xpj4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064096/; classtype:trojan-activity;sid:83927196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064097)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pqq0n3ea"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064097/; classtype:trojan-activity;sid:83927197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064098)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vesn2nsp/paste1.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pastecode.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064098/; classtype:trojan-activity;sid:83927198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064095)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bik1cdhx/paste1.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pastecode.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064095/; classtype:trojan-activity;sid:83927195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.24.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064094/; classtype:trojan-activity;sid:83927194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064090)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"15.235.61.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064090/; classtype:trojan-activity;sid:83927190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064091)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"15.235.61.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064091/; classtype:trojan-activity;sid:83927191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064092)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"ip212.ip-15-235-61.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064092/; classtype:trojan-activity;sid:83927192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064093)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"ip212.ip-15-235-61.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064093/; classtype:trojan-activity;sid:83927193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.3.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064089/; classtype:trojan-activity;sid:83927189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.45.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064088/; classtype:trojan-activity;sid:83927188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.206.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064087/; classtype:trojan-activity;sid:83927187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.195.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064085/; classtype:trojan-activity;sid:83927185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.142.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064086/; classtype:trojan-activity;sid:83927186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064083)"; flow:established,from_client; content:"GET"; http_method; content:"/img/prox.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"191.96.79.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064083/; classtype:trojan-activity;sid:83927183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064084)"; flow:established,from_client; content:"GET"; http_method; content:"/img/prox.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"191.96.79.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064084/; classtype:trojan-activity;sid:83927184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064080)"; flow:established,from_client; content:"GET"; http_method; content:"/dashboard/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"191.96.79.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064080/; classtype:trojan-activity;sid:83927180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064081/; classtype:trojan-activity;sid:83927181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064082)"; flow:established,from_client; content:"GET"; http_method; content:"/dashboard/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"191.96.79.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064082/; classtype:trojan-activity;sid:83927182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064079/; classtype:trojan-activity;sid:83927179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.137.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064078/; classtype:trojan-activity;sid:83927178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.87.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064077/; classtype:trojan-activity;sid:83927177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064076/; classtype:trojan-activity;sid:83927176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064074/; classtype:trojan-activity;sid:83927174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064075/; classtype:trojan-activity;sid:83927175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.129.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064072/; classtype:trojan-activity;sid:83927172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.202.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064073/; classtype:trojan-activity;sid:83927173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.12.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064071/; classtype:trojan-activity;sid:83927171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064070/; classtype:trojan-activity;sid:83927170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064068/; classtype:trojan-activity;sid:83927168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.45.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064069/; classtype:trojan-activity;sid:83927169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.181.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064067/; classtype:trojan-activity;sid:83927167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.43.54.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064066/; classtype:trojan-activity;sid:83927166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.124.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064065/; classtype:trojan-activity;sid:83927165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.197.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064064/; classtype:trojan-activity;sid:83927164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.157.50.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064062/; classtype:trojan-activity;sid:83927162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.52.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064063/; classtype:trojan-activity;sid:83927163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.50.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064061/; classtype:trojan-activity;sid:83927161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.184.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064060/; classtype:trojan-activity;sid:83927160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.70.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064059/; classtype:trojan-activity;sid:83927159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.150.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064058/; classtype:trojan-activity;sid:83927158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.216.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064056/; classtype:trojan-activity;sid:83927156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.118.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064057/; classtype:trojan-activity;sid:83927157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.201.134.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064055/; classtype:trojan-activity;sid:83927155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.162.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064054/; classtype:trojan-activity;sid:83927154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064053/; classtype:trojan-activity;sid:83927153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064052/; classtype:trojan-activity;sid:83927152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.119.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064051/; classtype:trojan-activity;sid:83927151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064050/; classtype:trojan-activity;sid:83927150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064049/; classtype:trojan-activity;sid:83927149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064048/; classtype:trojan-activity;sid:83927148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.195.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064047/; classtype:trojan-activity;sid:83927147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064046/; classtype:trojan-activity;sid:83927146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.144.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064045/; classtype:trojan-activity;sid:83927145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.12.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064044/; classtype:trojan-activity;sid:83927144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064043/; classtype:trojan-activity;sid:83927143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.52.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064042/; classtype:trojan-activity;sid:83927142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.234.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064041/; classtype:trojan-activity;sid:83927141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.231.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064040/; classtype:trojan-activity;sid:83927140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.202.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064039/; classtype:trojan-activity;sid:83927139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.251.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064038/; classtype:trojan-activity;sid:83927138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064037/; classtype:trojan-activity;sid:83927137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.217.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064036/; classtype:trojan-activity;sid:83927136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.168.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064035/; classtype:trojan-activity;sid:83927135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.157.50.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064034/; classtype:trojan-activity;sid:83927134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.134.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064033/; classtype:trojan-activity;sid:83927133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.214.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064032/; classtype:trojan-activity;sid:83927132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064031/; classtype:trojan-activity;sid:83927131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.201.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064030/; classtype:trojan-activity;sid:83927130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.21.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064029/; classtype:trojan-activity;sid:83927129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.216.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064028/; classtype:trojan-activity;sid:83927128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.112.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064027/; classtype:trojan-activity;sid:83927127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.186.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064026/; classtype:trojan-activity;sid:83927126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.121.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064025/; classtype:trojan-activity;sid:83927125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064023/; classtype:trojan-activity;sid:83927123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.55.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064024/; classtype:trojan-activity;sid:83927124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.181.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064022/; classtype:trojan-activity;sid:83927122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.119.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064019/; classtype:trojan-activity;sid:83927119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064020/; classtype:trojan-activity;sid:83927120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064021/; classtype:trojan-activity;sid:83927121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.245.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_24; reference:url, urlhaus.abuse.ch/url/3064018/; classtype:trojan-activity;sid:83927118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064017/; classtype:trojan-activity;sid:83927117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.168.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064016/; classtype:trojan-activity;sid:83927116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.44.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064015/; classtype:trojan-activity;sid:83927115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.39.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064014/; classtype:trojan-activity;sid:83927114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.119"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064013/; classtype:trojan-activity;sid:83927113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.161.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064012/; classtype:trojan-activity;sid:83927112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.245.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064011/; classtype:trojan-activity;sid:83927111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.167.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064010/; classtype:trojan-activity;sid:83927110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.254.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064008/; classtype:trojan-activity;sid:83927108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.52.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064009/; classtype:trojan-activity;sid:83927109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.134.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064007/; classtype:trojan-activity;sid:83927107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.171.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064006/; classtype:trojan-activity;sid:83927106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.60.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064005/; classtype:trojan-activity;sid:83927105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064004/; classtype:trojan-activity;sid:83927104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.179.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064003/; classtype:trojan-activity;sid:83927103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.245.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064002/; classtype:trojan-activity;sid:83927102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.149.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064001/; classtype:trojan-activity;sid:83927101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.194.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063999/; classtype:trojan-activity;sid:83927099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3064000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.87.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3064000/; classtype:trojan-activity;sid:83927100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.225.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063998/; classtype:trojan-activity;sid:83927098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063997/; classtype:trojan-activity;sid:83927097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063996/; classtype:trojan-activity;sid:83927096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.245.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063995/; classtype:trojan-activity;sid:83927095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063994/; classtype:trojan-activity;sid:83927094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.44.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063993/; classtype:trojan-activity;sid:83927093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.31.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063992/; classtype:trojan-activity;sid:83927092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.161.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063991/; classtype:trojan-activity;sid:83927091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.92.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063990/; classtype:trojan-activity;sid:83927090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.183.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063989/; classtype:trojan-activity;sid:83927089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063988/; classtype:trojan-activity;sid:83927088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.93.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063987/; classtype:trojan-activity;sid:83927087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063986/; classtype:trojan-activity;sid:83927086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.31.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063985/; classtype:trojan-activity;sid:83927085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.194.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063984/; classtype:trojan-activity;sid:83927084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.254.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063983/; classtype:trojan-activity;sid:83927083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.6.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063981/; classtype:trojan-activity;sid:83927081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.168.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063982/; classtype:trojan-activity;sid:83927082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.144.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063980/; classtype:trojan-activity;sid:83927080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.179.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063979/; classtype:trojan-activity;sid:83927079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.46.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063978/; classtype:trojan-activity;sid:83927078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.124.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063977/; classtype:trojan-activity;sid:83927077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.168.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063976/; classtype:trojan-activity;sid:83927076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063974/; classtype:trojan-activity;sid:83927074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.87.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063975/; classtype:trojan-activity;sid:83927075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.67.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063973/; classtype:trojan-activity;sid:83927073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.230.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063972/; classtype:trojan-activity;sid:83927072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.80.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063971/; classtype:trojan-activity;sid:83927071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.145.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063970/; classtype:trojan-activity;sid:83927070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.178.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063969/; classtype:trojan-activity;sid:83927069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.192.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063968/; classtype:trojan-activity;sid:83927068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.96.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063967/; classtype:trojan-activity;sid:83927067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.31.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063966/; classtype:trojan-activity;sid:83927066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063965/; classtype:trojan-activity;sid:83927065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063951)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063951/; classtype:trojan-activity;sid:83927051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063952)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063952/; classtype:trojan-activity;sid:83927052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063953)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063953/; classtype:trojan-activity;sid:83927053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063954)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063954/; classtype:trojan-activity;sid:83927054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063955)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063955/; classtype:trojan-activity;sid:83927055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063956)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063956/; classtype:trojan-activity;sid:83927056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063957)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063957/; classtype:trojan-activity;sid:83927057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063958)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063958/; classtype:trojan-activity;sid:83927058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063959)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063959/; classtype:trojan-activity;sid:83927059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063960)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063960/; classtype:trojan-activity;sid:83927060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063961)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063961/; classtype:trojan-activity;sid:83927061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063962)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063962/; classtype:trojan-activity;sid:83927062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063963)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063963/; classtype:trojan-activity;sid:83927063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063964)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063964/; classtype:trojan-activity;sid:83927064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063940)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063940/; classtype:trojan-activity;sid:83927040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063941)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063941/; classtype:trojan-activity;sid:83927041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063942)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063942/; classtype:trojan-activity;sid:83927042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063943)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063943/; classtype:trojan-activity;sid:83927043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063944)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063944/; classtype:trojan-activity;sid:83927044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063945)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063945/; classtype:trojan-activity;sid:83927045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063946)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063946/; classtype:trojan-activity;sid:83927046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063947)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063947/; classtype:trojan-activity;sid:83927047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063948)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063948/; classtype:trojan-activity;sid:83927048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063949)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063949/; classtype:trojan-activity;sid:83927049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063950)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063950/; classtype:trojan-activity;sid:83927050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063900)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063900/; classtype:trojan-activity;sid:83927000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063901)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063901/; classtype:trojan-activity;sid:83927001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063902)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063902/; classtype:trojan-activity;sid:83927002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063903)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063903/; classtype:trojan-activity;sid:83927003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063904)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063904/; classtype:trojan-activity;sid:83927004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063905)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063905/; classtype:trojan-activity;sid:83927005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063906)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063906/; classtype:trojan-activity;sid:83927006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063907)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063907/; classtype:trojan-activity;sid:83927007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063908)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063908/; classtype:trojan-activity;sid:83927008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063909)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063909/; classtype:trojan-activity;sid:83927009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063910)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063910/; classtype:trojan-activity;sid:83927010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063911)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063911/; classtype:trojan-activity;sid:83927011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063912)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063912/; classtype:trojan-activity;sid:83927012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063913)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063913/; classtype:trojan-activity;sid:83927013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063914)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063914/; classtype:trojan-activity;sid:83927014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063915)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063915/; classtype:trojan-activity;sid:83927015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063916)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063916/; classtype:trojan-activity;sid:83927016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063917)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063917/; classtype:trojan-activity;sid:83927017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063918)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063918/; classtype:trojan-activity;sid:83927018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063919)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063919/; classtype:trojan-activity;sid:83927019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063920)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063920/; classtype:trojan-activity;sid:83927020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063921)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063921/; classtype:trojan-activity;sid:83927021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063922)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063922/; classtype:trojan-activity;sid:83927022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063923)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063923/; classtype:trojan-activity;sid:83927023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063924)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063924/; classtype:trojan-activity;sid:83927024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063925)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063925/; classtype:trojan-activity;sid:83927025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063926)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063926/; classtype:trojan-activity;sid:83927026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063927)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063927/; classtype:trojan-activity;sid:83927027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063928)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063928/; classtype:trojan-activity;sid:83927028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063929)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063929/; classtype:trojan-activity;sid:83927029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063930)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063930/; classtype:trojan-activity;sid:83927030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063931)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063931/; classtype:trojan-activity;sid:83927031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063932)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063932/; classtype:trojan-activity;sid:83927032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063933)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063933/; classtype:trojan-activity;sid:83927033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063934)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063934/; classtype:trojan-activity;sid:83927034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063935)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063935/; classtype:trojan-activity;sid:83927035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063936)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063936/; classtype:trojan-activity;sid:83927036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063937)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063937/; classtype:trojan-activity;sid:83927037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063938)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063938/; classtype:trojan-activity;sid:83927038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063939)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063939/; classtype:trojan-activity;sid:83927039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063889)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063889/; classtype:trojan-activity;sid:83926989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063890)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063890/; classtype:trojan-activity;sid:83926990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063891)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063891/; classtype:trojan-activity;sid:83926991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063892)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063892/; classtype:trojan-activity;sid:83926992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063893)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063893/; classtype:trojan-activity;sid:83926993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063894)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063894/; classtype:trojan-activity;sid:83926994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063895)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063895/; classtype:trojan-activity;sid:83926995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063896)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063896/; classtype:trojan-activity;sid:83926996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063897)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063897/; classtype:trojan-activity;sid:83926997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063898)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063898/; classtype:trojan-activity;sid:83926998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.6.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063899/; classtype:trojan-activity;sid:83926999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063872)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063872/; classtype:trojan-activity;sid:83926972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063873)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063873/; classtype:trojan-activity;sid:83926973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063874)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063874/; classtype:trojan-activity;sid:83926974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063875)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063875/; classtype:trojan-activity;sid:83926975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063876)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063876/; classtype:trojan-activity;sid:83926976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063877)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063877/; classtype:trojan-activity;sid:83926977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063878)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063878/; classtype:trojan-activity;sid:83926978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063879)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063879/; classtype:trojan-activity;sid:83926979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063880)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063880/; classtype:trojan-activity;sid:83926980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063881)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063881/; classtype:trojan-activity;sid:83926981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063882)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063882/; classtype:trojan-activity;sid:83926982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063883)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063883/; classtype:trojan-activity;sid:83926983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063884)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063884/; classtype:trojan-activity;sid:83926984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063885)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063885/; classtype:trojan-activity;sid:83926985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063886)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063886/; classtype:trojan-activity;sid:83926986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063887)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063887/; classtype:trojan-activity;sid:83926987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063888)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063888/; classtype:trojan-activity;sid:83926988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063866)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063866/; classtype:trojan-activity;sid:83926966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063867)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063867/; classtype:trojan-activity;sid:83926967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063868)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063868/; classtype:trojan-activity;sid:83926968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063869)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063869/; classtype:trojan-activity;sid:83926969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063870)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063870/; classtype:trojan-activity;sid:83926970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063871)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063871/; classtype:trojan-activity;sid:83926971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063830)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063830/; classtype:trojan-activity;sid:83926930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063831)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063831/; classtype:trojan-activity;sid:83926931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063832)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063832/; classtype:trojan-activity;sid:83926932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063833)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063833/; classtype:trojan-activity;sid:83926933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063834)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063834/; classtype:trojan-activity;sid:83926934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063835)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063835/; classtype:trojan-activity;sid:83926935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063836)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063836/; classtype:trojan-activity;sid:83926936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063837)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063837/; classtype:trojan-activity;sid:83926937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063838)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063838/; classtype:trojan-activity;sid:83926938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063839)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063839/; classtype:trojan-activity;sid:83926939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063840)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063840/; classtype:trojan-activity;sid:83926940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063841)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063841/; classtype:trojan-activity;sid:83926941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063842)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063842/; classtype:trojan-activity;sid:83926942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063843)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063843/; classtype:trojan-activity;sid:83926943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063844)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063844/; classtype:trojan-activity;sid:83926944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063845)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063845/; classtype:trojan-activity;sid:83926945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063846)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063846/; classtype:trojan-activity;sid:83926946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063847)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063847/; classtype:trojan-activity;sid:83926947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063848)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063848/; classtype:trojan-activity;sid:83926948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063849)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063849/; classtype:trojan-activity;sid:83926949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063850)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063850/; classtype:trojan-activity;sid:83926950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063851)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063851/; classtype:trojan-activity;sid:83926951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063852)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063852/; classtype:trojan-activity;sid:83926952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063853)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063853/; classtype:trojan-activity;sid:83926953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063854)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063854/; classtype:trojan-activity;sid:83926954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063855)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063855/; classtype:trojan-activity;sid:83926955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063856)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063856/; classtype:trojan-activity;sid:83926956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063857)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063857/; classtype:trojan-activity;sid:83926957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063858)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063858/; classtype:trojan-activity;sid:83926958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063859)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063859/; classtype:trojan-activity;sid:83926959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063860)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063860/; classtype:trojan-activity;sid:83926960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063861)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063861/; classtype:trojan-activity;sid:83926961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063862)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063862/; classtype:trojan-activity;sid:83926962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063863)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063863/; classtype:trojan-activity;sid:83926963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063864)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063864/; classtype:trojan-activity;sid:83926964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063865)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063865/; classtype:trojan-activity;sid:83926965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063828)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063828/; classtype:trojan-activity;sid:83926928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063829)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063829/; classtype:trojan-activity;sid:83926929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063789)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063789/; classtype:trojan-activity;sid:83926889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063790)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063790/; classtype:trojan-activity;sid:83926890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063791)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063791/; classtype:trojan-activity;sid:83926891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063792)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063792/; classtype:trojan-activity;sid:83926892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063793)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063793/; classtype:trojan-activity;sid:83926893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063794)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063794/; classtype:trojan-activity;sid:83926894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063795)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063795/; classtype:trojan-activity;sid:83926895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063796)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063796/; classtype:trojan-activity;sid:83926896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063797)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063797/; classtype:trojan-activity;sid:83926897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063798)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063798/; classtype:trojan-activity;sid:83926898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063799)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063799/; classtype:trojan-activity;sid:83926899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063800)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063800/; classtype:trojan-activity;sid:83926900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063801)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063801/; classtype:trojan-activity;sid:83926901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063802)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063802/; classtype:trojan-activity;sid:83926902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063803)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063803/; classtype:trojan-activity;sid:83926903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063804)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063804/; classtype:trojan-activity;sid:83926904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063805)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063805/; classtype:trojan-activity;sid:83926905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063806)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063806/; classtype:trojan-activity;sid:83926906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063807)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063807/; classtype:trojan-activity;sid:83926907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063808)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063808/; classtype:trojan-activity;sid:83926908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063809)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063809/; classtype:trojan-activity;sid:83926909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063810)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063810/; classtype:trojan-activity;sid:83926910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063811)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063811/; classtype:trojan-activity;sid:83926911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063812)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063812/; classtype:trojan-activity;sid:83926912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063813)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063813/; classtype:trojan-activity;sid:83926913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063814)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063814/; classtype:trojan-activity;sid:83926914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063815)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063815/; classtype:trojan-activity;sid:83926915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063816)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063816/; classtype:trojan-activity;sid:83926916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063817)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063817/; classtype:trojan-activity;sid:83926917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063818)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063818/; classtype:trojan-activity;sid:83926918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063819)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063819/; classtype:trojan-activity;sid:83926919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063820)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063820/; classtype:trojan-activity;sid:83926920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063821)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063821/; classtype:trojan-activity;sid:83926921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063822)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063822/; classtype:trojan-activity;sid:83926922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063823)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063823/; classtype:trojan-activity;sid:83926923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063824)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063824/; classtype:trojan-activity;sid:83926924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063825)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063825/; classtype:trojan-activity;sid:83926925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063826)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063826/; classtype:trojan-activity;sid:83926926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063827)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dailywebstats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063827/; classtype:trojan-activity;sid:83926927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.18.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063788/; classtype:trojan-activity;sid:83926888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063773)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063773/; classtype:trojan-activity;sid:83926873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063774)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063774/; classtype:trojan-activity;sid:83926874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063775)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063775/; classtype:trojan-activity;sid:83926875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063776)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063776/; classtype:trojan-activity;sid:83926876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063777)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063777/; classtype:trojan-activity;sid:83926877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063778)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063778/; classtype:trojan-activity;sid:83926878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063779)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063779/; classtype:trojan-activity;sid:83926879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063780)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063780/; classtype:trojan-activity;sid:83926880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063781)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063781/; classtype:trojan-activity;sid:83926881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063782)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063782/; classtype:trojan-activity;sid:83926882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063783)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063783/; classtype:trojan-activity;sid:83926883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063784)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063784/; classtype:trojan-activity;sid:83926884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063785)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063785/; classtype:trojan-activity;sid:83926885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063786)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063786/; classtype:trojan-activity;sid:83926886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063787)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063787/; classtype:trojan-activity;sid:83926887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063770)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063770/; classtype:trojan-activity;sid:83926870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063771)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063771/; classtype:trojan-activity;sid:83926871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063772)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063772/; classtype:trojan-activity;sid:83926872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063733)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063733/; classtype:trojan-activity;sid:83926833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063734)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063734/; classtype:trojan-activity;sid:83926834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063735)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063735/; classtype:trojan-activity;sid:83926835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063736)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063736/; classtype:trojan-activity;sid:83926836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063737)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063737/; classtype:trojan-activity;sid:83926837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063738)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063738/; classtype:trojan-activity;sid:83926838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063739)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063739/; classtype:trojan-activity;sid:83926839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063740)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063740/; classtype:trojan-activity;sid:83926840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063741)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063741/; classtype:trojan-activity;sid:83926841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063742)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063742/; classtype:trojan-activity;sid:83926842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063743)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063743/; classtype:trojan-activity;sid:83926843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063744)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063744/; classtype:trojan-activity;sid:83926844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063745)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063745/; classtype:trojan-activity;sid:83926845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063746)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063746/; classtype:trojan-activity;sid:83926846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063747)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063747/; classtype:trojan-activity;sid:83926847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063748)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063748/; classtype:trojan-activity;sid:83926848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063749)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063749/; classtype:trojan-activity;sid:83926849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063750)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063750/; classtype:trojan-activity;sid:83926850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063751)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063751/; classtype:trojan-activity;sid:83926851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063752)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063752/; classtype:trojan-activity;sid:83926852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063753)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063753/; classtype:trojan-activity;sid:83926853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063754)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063754/; classtype:trojan-activity;sid:83926854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063755)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063755/; classtype:trojan-activity;sid:83926855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063756)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063756/; classtype:trojan-activity;sid:83926856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063757)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063757/; classtype:trojan-activity;sid:83926857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063758)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063758/; classtype:trojan-activity;sid:83926858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063759)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063759/; classtype:trojan-activity;sid:83926859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063760)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063760/; classtype:trojan-activity;sid:83926860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063761)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063761/; classtype:trojan-activity;sid:83926861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063762)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063762/; classtype:trojan-activity;sid:83926862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063763)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063763/; classtype:trojan-activity;sid:83926863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063764)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063764/; classtype:trojan-activity;sid:83926864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063765)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063765/; classtype:trojan-activity;sid:83926865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063766)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063766/; classtype:trojan-activity;sid:83926866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063767)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063767/; classtype:trojan-activity;sid:83926867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063768)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063768/; classtype:trojan-activity;sid:83926868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063769)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063769/; classtype:trojan-activity;sid:83926869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.64.96"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063731/; classtype:trojan-activity;sid:83926831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063732)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063732/; classtype:trojan-activity;sid:83926832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063715)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063715/; classtype:trojan-activity;sid:83926815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063716)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063716/; classtype:trojan-activity;sid:83926816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063717)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063717/; classtype:trojan-activity;sid:83926817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063718)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063718/; classtype:trojan-activity;sid:83926818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063719)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063719/; classtype:trojan-activity;sid:83926819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063720)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063720/; classtype:trojan-activity;sid:83926820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063721)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063721/; classtype:trojan-activity;sid:83926821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063722)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063722/; classtype:trojan-activity;sid:83926822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063723)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063723/; classtype:trojan-activity;sid:83926823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063724)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063724/; classtype:trojan-activity;sid:83926824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063725)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063725/; classtype:trojan-activity;sid:83926825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063726)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063726/; classtype:trojan-activity;sid:83926826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063727)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063727/; classtype:trojan-activity;sid:83926827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063728)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063728/; classtype:trojan-activity;sid:83926828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063729)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063729/; classtype:trojan-activity;sid:83926829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063730)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063730/; classtype:trojan-activity;sid:83926830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063693)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063693/; classtype:trojan-activity;sid:83926793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063694)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063694/; classtype:trojan-activity;sid:83926794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063695)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063695/; classtype:trojan-activity;sid:83926795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063696)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063696/; classtype:trojan-activity;sid:83926796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063697)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063697/; classtype:trojan-activity;sid:83926797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063698)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063698/; classtype:trojan-activity;sid:83926798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063699)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063699/; classtype:trojan-activity;sid:83926799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063700)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063700/; classtype:trojan-activity;sid:83926800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063701)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063701/; classtype:trojan-activity;sid:83926801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063702)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063702/; classtype:trojan-activity;sid:83926802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063703)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063703/; classtype:trojan-activity;sid:83926803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063704)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063704/; classtype:trojan-activity;sid:83926804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063705)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063705/; classtype:trojan-activity;sid:83926805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063706)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063706/; classtype:trojan-activity;sid:83926806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063707)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063707/; classtype:trojan-activity;sid:83926807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063708)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063708/; classtype:trojan-activity;sid:83926808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063709)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063709/; classtype:trojan-activity;sid:83926809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063710)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063710/; classtype:trojan-activity;sid:83926810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063711)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063711/; classtype:trojan-activity;sid:83926811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063712)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063712/; classtype:trojan-activity;sid:83926812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063713)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063713/; classtype:trojan-activity;sid:83926813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063714)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063714/; classtype:trojan-activity;sid:83926814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063690)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063690/; classtype:trojan-activity;sid:83926790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063691)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063691/; classtype:trojan-activity;sid:83926791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063692)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063692/; classtype:trojan-activity;sid:83926792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063664)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063664/; classtype:trojan-activity;sid:83926764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063665)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063665/; classtype:trojan-activity;sid:83926765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063666)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063666/; classtype:trojan-activity;sid:83926766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063667)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063667/; classtype:trojan-activity;sid:83926767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063668)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063668/; classtype:trojan-activity;sid:83926768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063669)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063669/; classtype:trojan-activity;sid:83926769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063670)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063670/; classtype:trojan-activity;sid:83926770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063671)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063671/; classtype:trojan-activity;sid:83926771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063672)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063672/; classtype:trojan-activity;sid:83926772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063673)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063673/; classtype:trojan-activity;sid:83926773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063674)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063674/; classtype:trojan-activity;sid:83926774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063675)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063675/; classtype:trojan-activity;sid:83926775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063676)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063676/; classtype:trojan-activity;sid:83926776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063677)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063677/; classtype:trojan-activity;sid:83926777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063678)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063678/; classtype:trojan-activity;sid:83926778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063679)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063679/; classtype:trojan-activity;sid:83926779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063680)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063680/; classtype:trojan-activity;sid:83926780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063681)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063681/; classtype:trojan-activity;sid:83926781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063682)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063682/; classtype:trojan-activity;sid:83926782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063683)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063683/; classtype:trojan-activity;sid:83926783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063684)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063684/; classtype:trojan-activity;sid:83926784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063685)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063685/; classtype:trojan-activity;sid:83926785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063686)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063686/; classtype:trojan-activity;sid:83926786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063687)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063687/; classtype:trojan-activity;sid:83926787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063688)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063688/; classtype:trojan-activity;sid:83926788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063689)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063689/; classtype:trojan-activity;sid:83926789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063651)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063651/; classtype:trojan-activity;sid:83926751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063652)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063652/; classtype:trojan-activity;sid:83926752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063653)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063653/; classtype:trojan-activity;sid:83926753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063654)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063654/; classtype:trojan-activity;sid:83926754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063655)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063655/; classtype:trojan-activity;sid:83926755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063656)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063656/; classtype:trojan-activity;sid:83926756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063657)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063657/; classtype:trojan-activity;sid:83926757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063658)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063658/; classtype:trojan-activity;sid:83926758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063659)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063659/; classtype:trojan-activity;sid:83926759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063660)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063660/; classtype:trojan-activity;sid:83926760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063661)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063661/; classtype:trojan-activity;sid:83926761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063662)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063662/; classtype:trojan-activity;sid:83926762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063663)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063663/; classtype:trojan-activity;sid:83926763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063612)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063612/; classtype:trojan-activity;sid:83926712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063613)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063613/; classtype:trojan-activity;sid:83926713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063614)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063614/; classtype:trojan-activity;sid:83926714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063615)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063615/; classtype:trojan-activity;sid:83926715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063616)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063616/; classtype:trojan-activity;sid:83926716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063617)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063617/; classtype:trojan-activity;sid:83926717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063618)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063618/; classtype:trojan-activity;sid:83926718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063619)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063619/; classtype:trojan-activity;sid:83926719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063620)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063620/; classtype:trojan-activity;sid:83926720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063621)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063621/; classtype:trojan-activity;sid:83926721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063622)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063622/; classtype:trojan-activity;sid:83926722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063623)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063623/; classtype:trojan-activity;sid:83926723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063624)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063624/; classtype:trojan-activity;sid:83926724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063625)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063625/; classtype:trojan-activity;sid:83926725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063626)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063626/; classtype:trojan-activity;sid:83926726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063627)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063627/; classtype:trojan-activity;sid:83926727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063628)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063628/; classtype:trojan-activity;sid:83926728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063629)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063629/; classtype:trojan-activity;sid:83926729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063630)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063630/; classtype:trojan-activity;sid:83926730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063631)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063631/; classtype:trojan-activity;sid:83926731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063632)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063632/; classtype:trojan-activity;sid:83926732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063633)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063633/; classtype:trojan-activity;sid:83926733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063634)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063634/; classtype:trojan-activity;sid:83926734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063635)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063635/; classtype:trojan-activity;sid:83926735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063636)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063636/; classtype:trojan-activity;sid:83926736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063637)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063637/; classtype:trojan-activity;sid:83926737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063638)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063638/; classtype:trojan-activity;sid:83926738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063639)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063639/; classtype:trojan-activity;sid:83926739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063640)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063640/; classtype:trojan-activity;sid:83926740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063641)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063641/; classtype:trojan-activity;sid:83926741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063642)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063642/; classtype:trojan-activity;sid:83926742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063643)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063643/; classtype:trojan-activity;sid:83926743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063644)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063644/; classtype:trojan-activity;sid:83926744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063645)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063645/; classtype:trojan-activity;sid:83926745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063646)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063646/; classtype:trojan-activity;sid:83926746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063647)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063647/; classtype:trojan-activity;sid:83926747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063648)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063648/; classtype:trojan-activity;sid:83926748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063649)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063649/; classtype:trojan-activity;sid:83926749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063650)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudslimit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063650/; classtype:trojan-activity;sid:83926750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.23.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063611/; classtype:trojan-activity;sid:83926711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063609/; classtype:trojan-activity;sid:83926709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.45.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063610/; classtype:trojan-activity;sid:83926710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063607/; classtype:trojan-activity;sid:83926707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.225.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063608/; classtype:trojan-activity;sid:83926708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.168.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063606/; classtype:trojan-activity;sid:83926706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.212.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063605/; classtype:trojan-activity;sid:83926705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.129.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063604/; classtype:trojan-activity;sid:83926704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.144.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063603/; classtype:trojan-activity;sid:83926703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.227.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063602/; classtype:trojan-activity;sid:83926702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.24.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063601/; classtype:trojan-activity;sid:83926701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063600/; classtype:trojan-activity;sid:83926700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063599/; classtype:trojan-activity;sid:83926699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063598)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.36.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063598/; classtype:trojan-activity;sid:83926698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063597)"; flow:established,from_client; content:"GET"; http_method; content:"/ldvb/0105"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"visualizer.website"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063597/; classtype:trojan-activity;sid:83926697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063596)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/ld2207-88703.appspot.com/o/ldmx2207|3f|alt=media|7c|26|7c|token=ea4d3172-9ea9-4c03-96a7-2174419c6a1e"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063596/; classtype:trojan-activity;sid:83926696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.168.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063595/; classtype:trojan-activity;sid:83926695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.76.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063593/; classtype:trojan-activity;sid:83926693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.206.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063594/; classtype:trojan-activity;sid:83926694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063592)"; flow:established,from_client; content:"GET"; http_method; content:"/ldvb/pw"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.131.117.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063592/; classtype:trojan-activity;sid:83926692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.60.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063591/; classtype:trojan-activity;sid:83926691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.130.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063590/; classtype:trojan-activity;sid:83926690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.192.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063589/; classtype:trojan-activity;sid:83926689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.253.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063588/; classtype:trojan-activity;sid:83926688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.10.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063587/; classtype:trojan-activity;sid:83926687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.187.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063586/; classtype:trojan-activity;sid:83926686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.27.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063585/; classtype:trojan-activity;sid:83926685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.4.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063584/; classtype:trojan-activity;sid:83926684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.212.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063583/; classtype:trojan-activity;sid:83926683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.225.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063582/; classtype:trojan-activity;sid:83926682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.222.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063581/; classtype:trojan-activity;sid:83926681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.44.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063580/; classtype:trojan-activity;sid:83926680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.155.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063579/; classtype:trojan-activity;sid:83926679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.214.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063578/; classtype:trojan-activity;sid:83926678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.85.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063577/; classtype:trojan-activity;sid:83926677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063576/; classtype:trojan-activity;sid:83926676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.6.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063575/; classtype:trojan-activity;sid:83926675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.226.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063574/; classtype:trojan-activity;sid:83926674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.187.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063573/; classtype:trojan-activity;sid:83926673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.45.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063572/; classtype:trojan-activity;sid:83926672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.185.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063571/; classtype:trojan-activity;sid:83926671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.253.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063570/; classtype:trojan-activity;sid:83926670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063568/; classtype:trojan-activity;sid:83926668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.62.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063569/; classtype:trojan-activity;sid:83926669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063566/; classtype:trojan-activity;sid:83926666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.63.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063567/; classtype:trojan-activity;sid:83926667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.97.184.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063565/; classtype:trojan-activity;sid:83926665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.81.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063564/; classtype:trojan-activity;sid:83926664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.92.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063563/; classtype:trojan-activity;sid:83926663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.166.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063562/; classtype:trojan-activity;sid:83926662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.167.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063561/; classtype:trojan-activity;sid:83926661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063560/; classtype:trojan-activity;sid:83926660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.52.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063558/; classtype:trojan-activity;sid:83926658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.92.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063559/; classtype:trojan-activity;sid:83926659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.216.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063557/; classtype:trojan-activity;sid:83926657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.120.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063556/; classtype:trojan-activity;sid:83926656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.155.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063555/; classtype:trojan-activity;sid:83926655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.44.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063554/; classtype:trojan-activity;sid:83926654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.227.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063553/; classtype:trojan-activity;sid:83926653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.214.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063552/; classtype:trojan-activity;sid:83926652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.6.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063551/; classtype:trojan-activity;sid:83926651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.226.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063550/; classtype:trojan-activity;sid:83926650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.147.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063549/; classtype:trojan-activity;sid:83926649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.147.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063548/; classtype:trojan-activity;sid:83926648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.97.184.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063547/; classtype:trojan-activity;sid:83926647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063546/; classtype:trojan-activity;sid:83926646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.137.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063544/; classtype:trojan-activity;sid:83926644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.24.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063545/; classtype:trojan-activity;sid:83926645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063543/; classtype:trojan-activity;sid:83926643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.113.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063542/; classtype:trojan-activity;sid:83926642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.2.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063541/; classtype:trojan-activity;sid:83926641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.81.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063540/; classtype:trojan-activity;sid:83926640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.199.110.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063539/; classtype:trojan-activity;sid:83926639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.166.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063538/; classtype:trojan-activity;sid:83926638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.79.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063537/; classtype:trojan-activity;sid:83926637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.214.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063536/; classtype:trojan-activity;sid:83926636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.191.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063535/; classtype:trojan-activity;sid:83926635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.9.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063534/; classtype:trojan-activity;sid:83926634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.57.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063533/; classtype:trojan-activity;sid:83926633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.63.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063530/; classtype:trojan-activity;sid:83926630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.113.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063531/; classtype:trojan-activity;sid:83926631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063532/; classtype:trojan-activity;sid:83926632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063529/; classtype:trojan-activity;sid:83926629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.194.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063528/; classtype:trojan-activity;sid:83926628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063527/; classtype:trojan-activity;sid:83926627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.132.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063525/; classtype:trojan-activity;sid:83926625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.31.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063526/; classtype:trojan-activity;sid:83926626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.163.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063524/; classtype:trojan-activity;sid:83926624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063523/; classtype:trojan-activity;sid:83926623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.110.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063522/; classtype:trojan-activity;sid:83926622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.235.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063521/; classtype:trojan-activity;sid:83926621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063519/; classtype:trojan-activity;sid:83926619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.117.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063520/; classtype:trojan-activity;sid:83926620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063518/; classtype:trojan-activity;sid:83926618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.243.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063517/; classtype:trojan-activity;sid:83926617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.206.84.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063516/; classtype:trojan-activity;sid:83926616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.184.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063514/; classtype:trojan-activity;sid:83926614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063515/; classtype:trojan-activity;sid:83926615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063513/; classtype:trojan-activity;sid:83926613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063512/; classtype:trojan-activity;sid:83926612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.136.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063511/; classtype:trojan-activity;sid:83926611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.209.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063510/; classtype:trojan-activity;sid:83926610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.33.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063509/; classtype:trojan-activity;sid:83926609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.16.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063507/; classtype:trojan-activity;sid:83926607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063508/; classtype:trojan-activity;sid:83926608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063506/; classtype:trojan-activity;sid:83926606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.208.3.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063505/; classtype:trojan-activity;sid:83926605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.2.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063504/; classtype:trojan-activity;sid:83926604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.65.157"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063503/; classtype:trojan-activity;sid:83926603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063502/; classtype:trojan-activity;sid:83926602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.226.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063501/; classtype:trojan-activity;sid:83926601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.79.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063500/; classtype:trojan-activity;sid:83926600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.194.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063499/; classtype:trojan-activity;sid:83926599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.75.208.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063498/; classtype:trojan-activity;sid:83926598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.143.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063497/; classtype:trojan-activity;sid:83926597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.118.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063496/; classtype:trojan-activity;sid:83926596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.98.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063495/; classtype:trojan-activity;sid:83926595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.235.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063494/; classtype:trojan-activity;sid:83926594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.110.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063493/; classtype:trojan-activity;sid:83926593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.243.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063492/; classtype:trojan-activity;sid:83926592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063491/; classtype:trojan-activity;sid:83926591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063490/; classtype:trojan-activity;sid:83926590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.117.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063489/; classtype:trojan-activity;sid:83926589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063488/; classtype:trojan-activity;sid:83926588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063487/; classtype:trojan-activity;sid:83926587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063486/; classtype:trojan-activity;sid:83926586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.133.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063485/; classtype:trojan-activity;sid:83926585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.50.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063484/; classtype:trojan-activity;sid:83926584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.226.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063483/; classtype:trojan-activity;sid:83926583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063482/; classtype:trojan-activity;sid:83926582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.208.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063481/; classtype:trojan-activity;sid:83926581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063480/; classtype:trojan-activity;sid:83926580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.132.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063479/; classtype:trojan-activity;sid:83926579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.152.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063478/; classtype:trojan-activity;sid:83926578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.94.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063477/; classtype:trojan-activity;sid:83926577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.40.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063476/; classtype:trojan-activity;sid:83926576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.174.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063475/; classtype:trojan-activity;sid:83926575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.21.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063474/; classtype:trojan-activity;sid:83926574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.33.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063473/; classtype:trojan-activity;sid:83926573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063472/; classtype:trojan-activity;sid:83926572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.184.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063471/; classtype:trojan-activity;sid:83926571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.248.123.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063470/; classtype:trojan-activity;sid:83926570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063469)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.235.103.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063469/; classtype:trojan-activity;sid:83926569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.170.201.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063468/; classtype:trojan-activity;sid:83926568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.226.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063467/; classtype:trojan-activity;sid:83926567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.102.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063466/; classtype:trojan-activity;sid:83926566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.14.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063465/; classtype:trojan-activity;sid:83926565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063464/; classtype:trojan-activity;sid:83926564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.79.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063462/; classtype:trojan-activity;sid:83926562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.145.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063463/; classtype:trojan-activity;sid:83926563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.218.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063461/; classtype:trojan-activity;sid:83926561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.238.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063460/; classtype:trojan-activity;sid:83926560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.100.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063459/; classtype:trojan-activity;sid:83926559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.54.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063458/; classtype:trojan-activity;sid:83926558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.6.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063457/; classtype:trojan-activity;sid:83926557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.248.123.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063456/; classtype:trojan-activity;sid:83926556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063454/; classtype:trojan-activity;sid:83926554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.184.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063455/; classtype:trojan-activity;sid:83926555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.21.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063453/; classtype:trojan-activity;sid:83926553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.93.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063451/; classtype:trojan-activity;sid:83926551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063452/; classtype:trojan-activity;sid:83926552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.152.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063450/; classtype:trojan-activity;sid:83926550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.124.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063449/; classtype:trojan-activity;sid:83926549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.226.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063448/; classtype:trojan-activity;sid:83926548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.5.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063447/; classtype:trojan-activity;sid:83926547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.9.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063446/; classtype:trojan-activity;sid:83926546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.94.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063445/; classtype:trojan-activity;sid:83926545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.67.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063444/; classtype:trojan-activity;sid:83926544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063443/; classtype:trojan-activity;sid:83926543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.0.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063442/; classtype:trojan-activity;sid:83926542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063441/; classtype:trojan-activity;sid:83926541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.90.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063440/; classtype:trojan-activity;sid:83926540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.241.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063439/; classtype:trojan-activity;sid:83926539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063438/; classtype:trojan-activity;sid:83926538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.129.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063437/; classtype:trojan-activity;sid:83926537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.184.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063436/; classtype:trojan-activity;sid:83926536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.60.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063435/; classtype:trojan-activity;sid:83926535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.6.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063434/; classtype:trojan-activity;sid:83926534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063433/; classtype:trojan-activity;sid:83926533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.100.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063432/; classtype:trojan-activity;sid:83926532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.242.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063431/; classtype:trojan-activity;sid:83926531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.90.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063430/; classtype:trojan-activity;sid:83926530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063429/; classtype:trojan-activity;sid:83926529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063428/; classtype:trojan-activity;sid:83926528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.233.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063427/; classtype:trojan-activity;sid:83926527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.35.160.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063426/; classtype:trojan-activity;sid:83926526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063424)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063424/; classtype:trojan-activity;sid:83926524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.5.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063425/; classtype:trojan-activity;sid:83926525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063423/; classtype:trojan-activity;sid:83926523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063419)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063419/; classtype:trojan-activity;sid:83926519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063420)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063420/; classtype:trojan-activity;sid:83926520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063421)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063421/; classtype:trojan-activity;sid:83926521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063422)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063422/; classtype:trojan-activity;sid:83926522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063418)"; flow:established,from_client; content:"GET"; http_method; content:"/d6212e86883d3906/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.244.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063418/; classtype:trojan-activity;sid:83926518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063417)"; flow:established,from_client; content:"GET"; http_method; content:"/d6212e86883d3906/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.244.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063417/; classtype:trojan-activity;sid:83926517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.174.155.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063415/; classtype:trojan-activity;sid:83926515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063416)"; flow:established,from_client; content:"GET"; http_method; content:"/d6212e86883d3906/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.92.244.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063416/; classtype:trojan-activity;sid:83926516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063412)"; flow:established,from_client; content:"GET"; http_method; content:"/d6212e86883d3906/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.244.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063412/; classtype:trojan-activity;sid:83926512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063413)"; flow:established,from_client; content:"GET"; http_method; content:"/d6212e86883d3906/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.92.244.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063413/; classtype:trojan-activity;sid:83926513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063414)"; flow:established,from_client; content:"GET"; http_method; content:"/d6212e86883d3906/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.92.244.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063414/; classtype:trojan-activity;sid:83926514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063411)"; flow:established,from_client; content:"GET"; http_method; content:"/d6212e86883d3906/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.92.244.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063411/; classtype:trojan-activity;sid:83926511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063407)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/filemikko.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"77.91.77.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063407/; classtype:trojan-activity;sid:83926507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063408)"; flow:established,from_client; content:"GET"; http_method; content:"/uploaded/jxtcjm84e3nbgp4mm.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"libyaalahrar.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063408/; classtype:trojan-activity;sid:83926508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063409)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063409/; classtype:trojan-activity;sid:83926509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063410)"; flow:established,from_client; content:"GET"; http_method; content:"/wercjeo/robo.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063410/; classtype:trojan-activity;sid:83926510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.60.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063406/; classtype:trojan-activity;sid:83926506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.47.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063405/; classtype:trojan-activity;sid:83926505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063404)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"yimvm.pages.microcloud360.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063404/; classtype:trojan-activity;sid:83926504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.233.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063403/; classtype:trojan-activity;sid:83926503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063402/; classtype:trojan-activity;sid:83926502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063401/; classtype:trojan-activity;sid:83926501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.4.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063400/; classtype:trojan-activity;sid:83926500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.4.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063399/; classtype:trojan-activity;sid:83926499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.217.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063398/; classtype:trojan-activity;sid:83926498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.214.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063397/; classtype:trojan-activity;sid:83926497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.182.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063396/; classtype:trojan-activity;sid:83926496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.235.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063395/; classtype:trojan-activity;sid:83926495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.250.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063394/; classtype:trojan-activity;sid:83926494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.43.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063393/; classtype:trojan-activity;sid:83926493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063392/; classtype:trojan-activity;sid:83926492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063391/; classtype:trojan-activity;sid:83926491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.160.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063389/; classtype:trojan-activity;sid:83926489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.94.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063390/; classtype:trojan-activity;sid:83926490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063386/; classtype:trojan-activity;sid:83926486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.56.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063387/; classtype:trojan-activity;sid:83926487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.62.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063388/; classtype:trojan-activity;sid:83926488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063385/; classtype:trojan-activity;sid:83926485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.67.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063384/; classtype:trojan-activity;sid:83926484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063383/; classtype:trojan-activity;sid:83926483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.165.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063382/; classtype:trojan-activity;sid:83926482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.164.178.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063381/; classtype:trojan-activity;sid:83926481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.234.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063380/; classtype:trojan-activity;sid:83926480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.252.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063379/; classtype:trojan-activity;sid:83926479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.84.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063378/; classtype:trojan-activity;sid:83926478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.35.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063377/; classtype:trojan-activity;sid:83926477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.93.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063376/; classtype:trojan-activity;sid:83926476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.93.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063375/; classtype:trojan-activity;sid:83926475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.246.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063374/; classtype:trojan-activity;sid:83926474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.209.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063373/; classtype:trojan-activity;sid:83926473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063372/; classtype:trojan-activity;sid:83926472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.163.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063371/; classtype:trojan-activity;sid:83926471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.179.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063370/; classtype:trojan-activity;sid:83926470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.207.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063369/; classtype:trojan-activity;sid:83926469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.40.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063368/; classtype:trojan-activity;sid:83926468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.248.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063367/; classtype:trojan-activity;sid:83926467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.204.126.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063366/; classtype:trojan-activity;sid:83926466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.248.75.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063365/; classtype:trojan-activity;sid:83926465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063364/; classtype:trojan-activity;sid:83926464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063363/; classtype:trojan-activity;sid:83926463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063362/; classtype:trojan-activity;sid:83926462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063361/; classtype:trojan-activity;sid:83926461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.51.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063360/; classtype:trojan-activity;sid:83926460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.56.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063358/; classtype:trojan-activity;sid:83926458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.252.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063359/; classtype:trojan-activity;sid:83926459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.13.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063357/; classtype:trojan-activity;sid:83926457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.234.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063356/; classtype:trojan-activity;sid:83926456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063355/; classtype:trojan-activity;sid:83926455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.93.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063354/; classtype:trojan-activity;sid:83926454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.10.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063352/; classtype:trojan-activity;sid:83926452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.176.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063353/; classtype:trojan-activity;sid:83926453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.23.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063351/; classtype:trojan-activity;sid:83926451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.175.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063349/; classtype:trojan-activity;sid:83926449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.187.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063350/; classtype:trojan-activity;sid:83926450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063348/; classtype:trojan-activity;sid:83926448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.53.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063345/; classtype:trojan-activity;sid:83926445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.32.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063346/; classtype:trojan-activity;sid:83926446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.6.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063347/; classtype:trojan-activity;sid:83926447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.17.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063344/; classtype:trojan-activity;sid:83926444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.43.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063342/; classtype:trojan-activity;sid:83926442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.165.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063343/; classtype:trojan-activity;sid:83926443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.157.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063341/; classtype:trojan-activity;sid:83926441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.65.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063340/; classtype:trojan-activity;sid:83926440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.126.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063337/; classtype:trojan-activity;sid:83926437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063338/; classtype:trojan-activity;sid:83926438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.51.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063339/; classtype:trojan-activity;sid:83926439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.111.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063336/; classtype:trojan-activity;sid:83926436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.248.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063335/; classtype:trojan-activity;sid:83926435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.61.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063334/; classtype:trojan-activity;sid:83926434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.204.126.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063333/; classtype:trojan-activity;sid:83926433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.169.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063332/; classtype:trojan-activity;sid:83926432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.248.75.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063331/; classtype:trojan-activity;sid:83926431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.208.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063330/; classtype:trojan-activity;sid:83926430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.225.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063329/; classtype:trojan-activity;sid:83926429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.185.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063328/; classtype:trojan-activity;sid:83926428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063327/; classtype:trojan-activity;sid:83926427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063326/; classtype:trojan-activity;sid:83926426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.190.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063325/; classtype:trojan-activity;sid:83926425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.150.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063324/; classtype:trojan-activity;sid:83926424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.56.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063323/; classtype:trojan-activity;sid:83926423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.170.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063322/; classtype:trojan-activity;sid:83926422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.65.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063321/; classtype:trojan-activity;sid:83926421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.45.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063320/; classtype:trojan-activity;sid:83926420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.59.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063319/; classtype:trojan-activity;sid:83926419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063318/; classtype:trojan-activity;sid:83926418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.157.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063317/; classtype:trojan-activity;sid:83926417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063316/; classtype:trojan-activity;sid:83926416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.61.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063315/; classtype:trojan-activity;sid:83926415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.169.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063314/; classtype:trojan-activity;sid:83926414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.203.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063313/; classtype:trojan-activity;sid:83926413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.1.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063312/; classtype:trojan-activity;sid:83926412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.69.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063311/; classtype:trojan-activity;sid:83926411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.185.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063310/; classtype:trojan-activity;sid:83926410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.181.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063309/; classtype:trojan-activity;sid:83926409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063307/; classtype:trojan-activity;sid:83926407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.33.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063308/; classtype:trojan-activity;sid:83926408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.190.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063306/; classtype:trojan-activity;sid:83926406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.27.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063305/; classtype:trojan-activity;sid:83926405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063304/; classtype:trojan-activity;sid:83926404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.162.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063302/; classtype:trojan-activity;sid:83926402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.86.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063303/; classtype:trojan-activity;sid:83926403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.81.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063301/; classtype:trojan-activity;sid:83926401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.45.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063300/; classtype:trojan-activity;sid:83926400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.45.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063299/; classtype:trojan-activity;sid:83926399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.129.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063298/; classtype:trojan-activity;sid:83926398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063297/; classtype:trojan-activity;sid:83926397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.125.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063296/; classtype:trojan-activity;sid:83926396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.100.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063294/; classtype:trojan-activity;sid:83926394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.196.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063295/; classtype:trojan-activity;sid:83926395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.92.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063293/; classtype:trojan-activity;sid:83926393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.7.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063292/; classtype:trojan-activity;sid:83926392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.69.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063291/; classtype:trojan-activity;sid:83926391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063290/; classtype:trojan-activity;sid:83926390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.162.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063289/; classtype:trojan-activity;sid:83926389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.181.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063287/; classtype:trojan-activity;sid:83926387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063288/; classtype:trojan-activity;sid:83926388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.228.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063285/; classtype:trojan-activity;sid:83926385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063286/; classtype:trojan-activity;sid:83926386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.86.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063284/; classtype:trojan-activity;sid:83926384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.27.217.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063283/; classtype:trojan-activity;sid:83926383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.150.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063279/; classtype:trojan-activity;sid:83926379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.141.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063280/; classtype:trojan-activity;sid:83926380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.162.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063281/; classtype:trojan-activity;sid:83926381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.243.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063282/; classtype:trojan-activity;sid:83926382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.126.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063278/; classtype:trojan-activity;sid:83926378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063276/; classtype:trojan-activity;sid:83926376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.81.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063277/; classtype:trojan-activity;sid:83926377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063274/; classtype:trojan-activity;sid:83926374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.10.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063275/; classtype:trojan-activity;sid:83926375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.123.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063272/; classtype:trojan-activity;sid:83926372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.129.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063273/; classtype:trojan-activity;sid:83926373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.187.83.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063271/; classtype:trojan-activity;sid:83926371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.47.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063270/; classtype:trojan-activity;sid:83926370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.122.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063269/; classtype:trojan-activity;sid:83926369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.126.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063268/; classtype:trojan-activity;sid:83926368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.0.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063266/; classtype:trojan-activity;sid:83926366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.162.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063264/; classtype:trojan-activity;sid:83926364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063263/; classtype:trojan-activity;sid:83926363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.228.0.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063262/; classtype:trojan-activity;sid:83926362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.215.202.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063261/; classtype:trojan-activity;sid:83926361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063253)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063253/; classtype:trojan-activity;sid:83926353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063254)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063254/; classtype:trojan-activity;sid:83926354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.13.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063255/; classtype:trojan-activity;sid:83926355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.59.191.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063256/; classtype:trojan-activity;sid:83926356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063257/; classtype:trojan-activity;sid:83926357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063258)"; flow:established,from_client; content:"GET"; http_method; content:"/41/winiti.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.46.174.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063258/; classtype:trojan-activity;sid:83926358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063259)"; flow:established,from_client; content:"GET"; http_method; content:"/66066/winiti.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.46.174.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063259/; classtype:trojan-activity;sid:83926359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063260)"; flow:established,from_client; content:"GET"; http_method; content:"/wasabi.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"filespot.is"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063260/; classtype:trojan-activity;sid:83926360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063251)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063251/; classtype:trojan-activity;sid:83926351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063252)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063252/; classtype:trojan-activity;sid:83926352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.165.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063250/; classtype:trojan-activity;sid:83926350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063249/; classtype:trojan-activity;sid:83926349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.99.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063248/; classtype:trojan-activity;sid:83926348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.141.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063247/; classtype:trojan-activity;sid:83926347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.171.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063246/; classtype:trojan-activity;sid:83926346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063245/; classtype:trojan-activity;sid:83926345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063244/; classtype:trojan-activity;sid:83926344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063243/; classtype:trojan-activity;sid:83926343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.83.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063242/; classtype:trojan-activity;sid:83926342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063241/; classtype:trojan-activity;sid:83926341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063240/; classtype:trojan-activity;sid:83926340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.13.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063239/; classtype:trojan-activity;sid:83926339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.47.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063238/; classtype:trojan-activity;sid:83926338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.181.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063237/; classtype:trojan-activity;sid:83926337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.165.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063236/; classtype:trojan-activity;sid:83926336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.143.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063235/; classtype:trojan-activity;sid:83926335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063234/; classtype:trojan-activity;sid:83926334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.162.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063233/; classtype:trojan-activity;sid:83926333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063232/; classtype:trojan-activity;sid:83926332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063230/; classtype:trojan-activity;sid:83926330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.220.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063231/; classtype:trojan-activity;sid:83926331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063229/; classtype:trojan-activity;sid:83926329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.130.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063228/; classtype:trojan-activity;sid:83926328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.199.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063227/; classtype:trojan-activity;sid:83926327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.182.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063226/; classtype:trojan-activity;sid:83926326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.59.191.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063225/; classtype:trojan-activity;sid:83926325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.52.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063224/; classtype:trojan-activity;sid:83926324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063223/; classtype:trojan-activity;sid:83926323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.163.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063221/; classtype:trojan-activity;sid:83926321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.213.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063222/; classtype:trojan-activity;sid:83926322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063219/; classtype:trojan-activity;sid:83926319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063220/; classtype:trojan-activity;sid:83926320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.87.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063218/; classtype:trojan-activity;sid:83926318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.113.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063217/; classtype:trojan-activity;sid:83926317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.250.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063216/; classtype:trojan-activity;sid:83926316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.75.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063215/; classtype:trojan-activity;sid:83926315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.195.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063214/; classtype:trojan-activity;sid:83926314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.240.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063213/; classtype:trojan-activity;sid:83926313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.87.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063211/; classtype:trojan-activity;sid:83926311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.206.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063212/; classtype:trojan-activity;sid:83926312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063210/; classtype:trojan-activity;sid:83926310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063209/; classtype:trojan-activity;sid:83926309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.25.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063208/; classtype:trojan-activity;sid:83926308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.151.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063207/; classtype:trojan-activity;sid:83926307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.65.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063206/; classtype:trojan-activity;sid:83926306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.131.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063205/; classtype:trojan-activity;sid:83926305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.48.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063204/; classtype:trojan-activity;sid:83926304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.199.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063203/; classtype:trojan-activity;sid:83926303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.206.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063202/; classtype:trojan-activity;sid:83926302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.149.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063201/; classtype:trojan-activity;sid:83926301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.66.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063200/; classtype:trojan-activity;sid:83926300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063199/; classtype:trojan-activity;sid:83926299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.107.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063198/; classtype:trojan-activity;sid:83926298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.1.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063197/; classtype:trojan-activity;sid:83926297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063196)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063196/; classtype:trojan-activity;sid:83926296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063195/; classtype:trojan-activity;sid:83926295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.84.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063194/; classtype:trojan-activity;sid:83926294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.244.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063193/; classtype:trojan-activity;sid:83926293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.122.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063192/; classtype:trojan-activity;sid:83926292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.223.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063191/; classtype:trojan-activity;sid:83926291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.113.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063190/; classtype:trojan-activity;sid:83926290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.75.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063189/; classtype:trojan-activity;sid:83926289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.48.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063188/; classtype:trojan-activity;sid:83926288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.240.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063187/; classtype:trojan-activity;sid:83926287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.179.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063186/; classtype:trojan-activity;sid:83926286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.163.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063184/; classtype:trojan-activity;sid:83926284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.103.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063185/; classtype:trojan-activity;sid:83926285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063182)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063182/; classtype:trojan-activity;sid:83926282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063183)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063183/; classtype:trojan-activity;sid:83926283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.48.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063181/; classtype:trojan-activity;sid:83926281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063180/; classtype:trojan-activity;sid:83926280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.51.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063178/; classtype:trojan-activity;sid:83926278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.234.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063179/; classtype:trojan-activity;sid:83926279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.32.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063177/; classtype:trojan-activity;sid:83926277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063176/; classtype:trojan-activity;sid:83926276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063175/; classtype:trojan-activity;sid:83926275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.220.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063174/; classtype:trojan-activity;sid:83926274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.166.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063173/; classtype:trojan-activity;sid:83926273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.25.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063172/; classtype:trojan-activity;sid:83926272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.195.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063171/; classtype:trojan-activity;sid:83926271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.32.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063170/; classtype:trojan-activity;sid:83926270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.223.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063169/; classtype:trojan-activity;sid:83926269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.66.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063168/; classtype:trojan-activity;sid:83926268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.131.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063167/; classtype:trojan-activity;sid:83926267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.1.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063166/; classtype:trojan-activity;sid:83926266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.122.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063165/; classtype:trojan-activity;sid:83926265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.43"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063164/; classtype:trojan-activity;sid:83926264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.227.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063161/; classtype:trojan-activity;sid:83926261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.117.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063162/; classtype:trojan-activity;sid:83926262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.181.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063163/; classtype:trojan-activity;sid:83926263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.10.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063160/; classtype:trojan-activity;sid:83926260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.105.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063158/; classtype:trojan-activity;sid:83926258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063159/; classtype:trojan-activity;sid:83926259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063157/; classtype:trojan-activity;sid:83926257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.48.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063156/; classtype:trojan-activity;sid:83926256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063154/; classtype:trojan-activity;sid:83926254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.52.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063155/; classtype:trojan-activity;sid:83926255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063153/; classtype:trojan-activity;sid:83926253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.179.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063152/; classtype:trojan-activity;sid:83926252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.163.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063151/; classtype:trojan-activity;sid:83926251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063150/; classtype:trojan-activity;sid:83926250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063149/; classtype:trojan-activity;sid:83926249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.237.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063147/; classtype:trojan-activity;sid:83926247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.51.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063148/; classtype:trojan-activity;sid:83926248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.144.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063146/; classtype:trojan-activity;sid:83926246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063145/; classtype:trojan-activity;sid:83926245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.181.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063144/; classtype:trojan-activity;sid:83926244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063143)"; flow:established,from_client; content:"GET"; http_method; content:"/rinqu.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.105.132.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063143/; classtype:trojan-activity;sid:83926243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063142)"; flow:established,from_client; content:"GET"; http_method; content:"/jrn10.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.105.132.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063142/; classtype:trojan-activity;sid:83926242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063141/; classtype:trojan-activity;sid:83926241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063140/; classtype:trojan-activity;sid:83926240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.127.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063139/; classtype:trojan-activity;sid:83926239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.222.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063138/; classtype:trojan-activity;sid:83926238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.1.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063137/; classtype:trojan-activity;sid:83926237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063135/; classtype:trojan-activity;sid:83926235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.192.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063136/; classtype:trojan-activity;sid:83926236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.25.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063134/; classtype:trojan-activity;sid:83926234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.67.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063133/; classtype:trojan-activity;sid:83926233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.181.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063132/; classtype:trojan-activity;sid:83926232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063131/; classtype:trojan-activity;sid:83926231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063130/; classtype:trojan-activity;sid:83926230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063129/; classtype:trojan-activity;sid:83926229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.69.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063128/; classtype:trojan-activity;sid:83926228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.11.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063127/; classtype:trojan-activity;sid:83926227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.228.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063126/; classtype:trojan-activity;sid:83926226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.237.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063125/; classtype:trojan-activity;sid:83926225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.113.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063124/; classtype:trojan-activity;sid:83926224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063123/; classtype:trojan-activity;sid:83926223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.99.227"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063122/; classtype:trojan-activity;sid:83926222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.11.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063121/; classtype:trojan-activity;sid:83926221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063119/; classtype:trojan-activity;sid:83926219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063120/; classtype:trojan-activity;sid:83926220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.127.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063118/; classtype:trojan-activity;sid:83926218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.88.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063117/; classtype:trojan-activity;sid:83926217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.0.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063116/; classtype:trojan-activity;sid:83926216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.203.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063115/; classtype:trojan-activity;sid:83926215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063114/; classtype:trojan-activity;sid:83926214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.28.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063112/; classtype:trojan-activity;sid:83926212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.189.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063113/; classtype:trojan-activity;sid:83926213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.52.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063111/; classtype:trojan-activity;sid:83926211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.230.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063110/; classtype:trojan-activity;sid:83926210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.114.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063108/; classtype:trojan-activity;sid:83926208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063109/; classtype:trojan-activity;sid:83926209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063107/; classtype:trojan-activity;sid:83926207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.11.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063105/; classtype:trojan-activity;sid:83926205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.197.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063104/; classtype:trojan-activity;sid:83926204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.238.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063103/; classtype:trojan-activity;sid:83926203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.35.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063102/; classtype:trojan-activity;sid:83926202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.69.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063101/; classtype:trojan-activity;sid:83926201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063100/; classtype:trojan-activity;sid:83926200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.138.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063099/; classtype:trojan-activity;sid:83926199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.4.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063097/; classtype:trojan-activity;sid:83926197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.24.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063098/; classtype:trojan-activity;sid:83926198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063096/; classtype:trojan-activity;sid:83926196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063095/; classtype:trojan-activity;sid:83926195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063094/; classtype:trojan-activity;sid:83926194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.25.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063093/; classtype:trojan-activity;sid:83926193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063092/; classtype:trojan-activity;sid:83926192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.97.145.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063091/; classtype:trojan-activity;sid:83926191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.42.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063090/; classtype:trojan-activity;sid:83926190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.5.17.47"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063089/; classtype:trojan-activity;sid:83926189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.189.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063088/; classtype:trojan-activity;sid:83926188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.252.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063087/; classtype:trojan-activity;sid:83926187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.131.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063086/; classtype:trojan-activity;sid:83926186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.91.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063085/; classtype:trojan-activity;sid:83926185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063084/; classtype:trojan-activity;sid:83926184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063083)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic6.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mussangroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063083/; classtype:trojan-activity;sid:83926183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.88.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063082/; classtype:trojan-activity;sid:83926182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.30.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063081/; classtype:trojan-activity;sid:83926181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.238.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063080/; classtype:trojan-activity;sid:83926180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063079/; classtype:trojan-activity;sid:83926179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063078/; classtype:trojan-activity;sid:83926178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.117.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063077/; classtype:trojan-activity;sid:83926177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.109.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063076/; classtype:trojan-activity;sid:83926176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.252.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063075/; classtype:trojan-activity;sid:83926175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.24.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063074/; classtype:trojan-activity;sid:83926174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063071)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063071/; classtype:trojan-activity;sid:83926171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063072)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063072/; classtype:trojan-activity;sid:83926172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063073)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063073/; classtype:trojan-activity;sid:83926173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063063)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063063/; classtype:trojan-activity;sid:83926163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063064)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063064/; classtype:trojan-activity;sid:83926164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063065)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063065/; classtype:trojan-activity;sid:83926165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063066)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063066/; classtype:trojan-activity;sid:83926166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063067)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063067/; classtype:trojan-activity;sid:83926167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063068)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063068/; classtype:trojan-activity;sid:83926168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063069)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063069/; classtype:trojan-activity;sid:83926169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063070)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063070/; classtype:trojan-activity;sid:83926170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063058)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063058/; classtype:trojan-activity;sid:83926158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063059)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063059/; classtype:trojan-activity;sid:83926159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063060)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063060/; classtype:trojan-activity;sid:83926160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063061)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"4837.aisb.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063061/; classtype:trojan-activity;sid:83926161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063062)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063062/; classtype:trojan-activity;sid:83926162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063056)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063056/; classtype:trojan-activity;sid:83926156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063057)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063057/; classtype:trojan-activity;sid:83926157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063044)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063044/; classtype:trojan-activity;sid:83926144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063045)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063045/; classtype:trojan-activity;sid:83926145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063046)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063046/; classtype:trojan-activity;sid:83926146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063047)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063047/; classtype:trojan-activity;sid:83926147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063048)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063048/; classtype:trojan-activity;sid:83926148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063049)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063049/; classtype:trojan-activity;sid:83926149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063050)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063050/; classtype:trojan-activity;sid:83926150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063051)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063051/; classtype:trojan-activity;sid:83926151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063052)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063052/; classtype:trojan-activity;sid:83926152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063053)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063053/; classtype:trojan-activity;sid:83926153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063054)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063054/; classtype:trojan-activity;sid:83926154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063055)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sssfheyuyu.bond"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063055/; classtype:trojan-activity;sid:83926155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.10.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063043/; classtype:trojan-activity;sid:83926143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.145.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063042/; classtype:trojan-activity;sid:83926142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063041/; classtype:trojan-activity;sid:83926141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.173.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063040/; classtype:trojan-activity;sid:83926140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063024/; classtype:trojan-activity;sid:83926124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063025/; classtype:trojan-activity;sid:83926125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.x586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063026/; classtype:trojan-activity;sid:83926126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.i486"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063027/; classtype:trojan-activity;sid:83926127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063028/; classtype:trojan-activity;sid:83926128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063029/; classtype:trojan-activity;sid:83926129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063030/; classtype:trojan-activity;sid:83926130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063031/; classtype:trojan-activity;sid:83926131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063032/; classtype:trojan-activity;sid:83926132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063033/; classtype:trojan-activity;sid:83926133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063034/; classtype:trojan-activity;sid:83926134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063035)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063035/; classtype:trojan-activity;sid:83926135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063036/; classtype:trojan-activity;sid:83926136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/hoho-lugo7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063037/; classtype:trojan-activity;sid:83926137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.170.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063038/; classtype:trojan-activity;sid:83926138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins2/dlr.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063039/; classtype:trojan-activity;sid:83926139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.211.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063023/; classtype:trojan-activity;sid:83926123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063021/; classtype:trojan-activity;sid:83926121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063007/; classtype:trojan-activity;sid:83926107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063004/; classtype:trojan-activity;sid:83926104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063005/; classtype:trojan-activity;sid:83926105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063006/; classtype:trojan-activity;sid:83926106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.9.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063001/; classtype:trojan-activity;sid:83926101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063002/; classtype:trojan-activity;sid:83926102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.i486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063003/; classtype:trojan-activity;sid:83926103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062995/; classtype:trojan-activity;sid:83926095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062996/; classtype:trojan-activity;sid:83926096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062997/; classtype:trojan-activity;sid:83926097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062998/; classtype:trojan-activity;sid:83926098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062999/; classtype:trojan-activity;sid:83926099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063000/; classtype:trojan-activity;sid:83926100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.23.108.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062994/; classtype:trojan-activity;sid:83926094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.254.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062993/; classtype:trojan-activity;sid:83926093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.191.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062992/; classtype:trojan-activity;sid:83926092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.252.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062991/; classtype:trojan-activity;sid:83926091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.91.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062990/; classtype:trojan-activity;sid:83926090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.152.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062989/; classtype:trojan-activity;sid:83926089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.37.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062988/; classtype:trojan-activity;sid:83926088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062987/; classtype:trojan-activity;sid:83926087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.216.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062986/; classtype:trojan-activity;sid:83926086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.183.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062984/; classtype:trojan-activity;sid:83926084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062985/; classtype:trojan-activity;sid:83926085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062983)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ed/wegivemebackwithentiresituationstogetmebackwithentireprocesswithmesheisverygreatfulgirlwith______________sheisbeautifulgirlalwaysforme.doc"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"198.46.178.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062983/; classtype:trojan-activity;sid:83926083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062982)"; flow:established,from_client; content:"GET"; http_method; content:"/uploaded/jxtcjm84e3nbgp4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"libyaalahrar.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062982/; classtype:trojan-activity;sid:83926082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.245.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062981/; classtype:trojan-activity;sid:83926081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062980/; classtype:trojan-activity;sid:83926080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062979/; classtype:trojan-activity;sid:83926079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.63.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062978/; classtype:trojan-activity;sid:83926078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062977/; classtype:trojan-activity;sid:83926077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062976/; classtype:trojan-activity;sid:83926076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.161.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062975/; classtype:trojan-activity;sid:83926075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062974/; classtype:trojan-activity;sid:83926074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062973)"; flow:established,from_client; content:"GET"; http_method; content:"/88099/itsseemsgoodforeveryonetogetme.gif"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"167.99.204.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062973/; classtype:trojan-activity;sid:83926073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.183.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062971/; classtype:trojan-activity;sid:83926071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062972)"; flow:established,from_client; content:"GET"; http_method; content:"/88099/mnb/itslooklikeverythingfinebutunluckyiamnotfindedanygirlforfuckingitseemsreallygreatgirlalways_______sheisreallynicetolooklikefinegirls.doc"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"167.99.204.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062972/; classtype:trojan-activity;sid:83926072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.11.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062970/; classtype:trojan-activity;sid:83926070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062969/; classtype:trojan-activity;sid:83926069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.173.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062968/; classtype:trojan-activity;sid:83926068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062967/; classtype:trojan-activity;sid:83926067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062966)"; flow:established,from_client; content:"GET"; http_method; content:"/purez/olololol/szcqryde.vdf"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062966/; classtype:trojan-activity;sid:83926066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062965)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"v77146.hosted-by-vdsina.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062965/; classtype:trojan-activity;sid:83926065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062964)"; flow:established,from_client; content:"GET"; http_method; content:"/yorksufg/233_lsxftylibdx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062964/; classtype:trojan-activity;sid:83926064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062963)"; flow:established,from_client; content:"GET"; http_method; content:"/purez/olololol/szcqryde.vdf"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062963/; classtype:trojan-activity;sid:83926063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062962)"; flow:established,from_client; content:"GET"; http_method; content:"/joghhnsondgfgfd/233_ftutwmtphaz"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062962/; classtype:trojan-activity;sid:83926062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062944)"; flow:established,from_client; content:"GET"; http_method; content:"/mondyas/233_mtvyqixmgrd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062944/; classtype:trojan-activity;sid:83926044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062945)"; flow:established,from_client; content:"GET"; http_method; content:"/mikesteven/233_zjbpgypzemt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062945/; classtype:trojan-activity;sid:83926045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062946)"; flow:established,from_client; content:"GET"; http_method; content:"/3456546543/233_ykuhrsmpynx"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062946/; classtype:trojan-activity;sid:83926046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062947)"; flow:established,from_client; content:"GET"; http_method; content:"/jack/233_qzvpholtlqa"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062947/; classtype:trojan-activity;sid:83926047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062948)"; flow:established,from_client; content:"GET"; http_method; content:"/johonwetk/233_ykmxjnnncim"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062948/; classtype:trojan-activity;sid:83926048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062949)"; flow:established,from_client; content:"GET"; http_method; content:"/jacksonwillams/233_mxryfxfaxxr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062949/; classtype:trojan-activity;sid:83926049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062950)"; flow:established,from_client; content:"GET"; http_method; content:"/896i4fhjgojh/233_dpnshkcheye"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062950/; classtype:trojan-activity;sid:83926050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062951)"; flow:established,from_client; content:"GET"; http_method; content:"/johonwetk/233_ykmxjnnncim"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062951/; classtype:trojan-activity;sid:83926051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062952)"; flow:established,from_client; content:"GET"; http_method; content:"/mikela/233_xirnkxhvuzw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062952/; classtype:trojan-activity;sid:83926052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062953)"; flow:established,from_client; content:"GET"; http_method; content:"/hojhkkgd/233_ivttedvulfz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062953/; classtype:trojan-activity;sid:83926053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062954)"; flow:established,from_client; content:"GET"; http_method; content:"/yorksufg/233_lsxftylibdx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062954/; classtype:trojan-activity;sid:83926054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062955)"; flow:established,from_client; content:"GET"; http_method; content:"/vicmjohnsone/233_tbfogcgrnhn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062955/; classtype:trojan-activity;sid:83926055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062956)"; flow:established,from_client; content:"GET"; http_method; content:"/896i4fhjgojh/233_dpnshkcheye"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062956/; classtype:trojan-activity;sid:83926056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062957)"; flow:established,from_client; content:"GET"; http_method; content:"/ezinnejohnson/233_ziomvtbcyzn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062957/; classtype:trojan-activity;sid:83926057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062958)"; flow:established,from_client; content:"GET"; http_method; content:"/mikela/233_xirnkxhvuzw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062958/; classtype:trojan-activity;sid:83926058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062959)"; flow:established,from_client; content:"GET"; http_method; content:"/mondyas/233_mtvyqixmgrd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062959/; classtype:trojan-activity;sid:83926059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062960)"; flow:established,from_client; content:"GET"; http_method; content:"/vicmjohnsone/233_tbfogcgrnhn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062960/; classtype:trojan-activity;sid:83926060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062961)"; flow:established,from_client; content:"GET"; http_method; content:"/ezinnejohnson/233_ziomvtbcyzn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062961/; classtype:trojan-activity;sid:83926061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062926)"; flow:established,from_client; content:"GET"; http_method; content:"/cikef/233_xfdkmtvqcor"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062926/; classtype:trojan-activity;sid:83926026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062927)"; flow:established,from_client; content:"GET"; http_method; content:"/johnson/233_akaglaeyyld"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062927/; classtype:trojan-activity;sid:83926027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062928)"; flow:established,from_client; content:"GET"; http_method; content:"/kojilef/233_wgzdgpswtnw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062928/; classtype:trojan-activity;sid:83926028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062929)"; flow:established,from_client; content:"GET"; http_method; content:"/miketyrye/233_gmjkepalhsb"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062929/; classtype:trojan-activity;sid:83926029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062930)"; flow:established,from_client; content:"GET"; http_method; content:"/hjjkjhg/233_eofxtsyczpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062930/; classtype:trojan-activity;sid:83926030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062931)"; flow:established,from_client; content:"GET"; http_method; content:"/jack/233_qzvpholtlqa"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062931/; classtype:trojan-activity;sid:83926031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062932)"; flow:established,from_client; content:"GET"; http_method; content:"/kojilef/233_wgzdgpswtnw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062932/; classtype:trojan-activity;sid:83926032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062933)"; flow:established,from_client; content:"GET"; http_method; content:"/jacksonwillams/233_mxryfxfaxxr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062933/; classtype:trojan-activity;sid:83926033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062934)"; flow:established,from_client; content:"GET"; http_method; content:"/johnson/233_akaglaeyyld"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062934/; classtype:trojan-activity;sid:83926034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062935)"; flow:established,from_client; content:"GET"; http_method; content:"/guiolmkhkkfkmgkf/233_rzuwsyluiia"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062935/; classtype:trojan-activity;sid:83926035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062936)"; flow:established,from_client; content:"GET"; http_method; content:"/mikesteven/233_zjbpgypzemt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062936/; classtype:trojan-activity;sid:83926036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062937)"; flow:established,from_client; content:"GET"; http_method; content:"/guiolmkhkkfkmgkf/233_rzuwsyluiia"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062937/; classtype:trojan-activity;sid:83926037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062938)"; flow:established,from_client; content:"GET"; http_method; content:"/miketyrye/233_gmjkepalhsb"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062938/; classtype:trojan-activity;sid:83926038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062939)"; flow:established,from_client; content:"GET"; http_method; content:"/3456546543/233_ykuhrsmpynx"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062939/; classtype:trojan-activity;sid:83926039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062940)"; flow:established,from_client; content:"GET"; http_method; content:"/hjjkjhg/233_eofxtsyczpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062940/; classtype:trojan-activity;sid:83926040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062941)"; flow:established,from_client; content:"GET"; http_method; content:"/joghhnsondgfgfd/233_ftutwmtphaz"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062941/; classtype:trojan-activity;sid:83926041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062942)"; flow:established,from_client; content:"GET"; http_method; content:"/cikef/233_xfdkmtvqcor"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062942/; classtype:trojan-activity;sid:83926042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062943)"; flow:established,from_client; content:"GET"; http_method; content:"/hojhkkgd/233_ivttedvulfz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"oluwavegasclassproject.net.in"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062943/; classtype:trojan-activity;sid:83926043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.99.223.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062925/; classtype:trojan-activity;sid:83926025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062922)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7|3f|ddos"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"109.107.166.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062922/; classtype:trojan-activity;sid:83926022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062920/; classtype:trojan-activity;sid:83926020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.215.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062921/; classtype:trojan-activity;sid:83926021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062918)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.107.166.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062918/; classtype:trojan-activity;sid:83926018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062919)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.107.166.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062919/; classtype:trojan-activity;sid:83926019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062917)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.107.166.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062917/; classtype:trojan-activity;sid:83926017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062916)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.107.166.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062916/; classtype:trojan-activity;sid:83926016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062915/; classtype:trojan-activity;sid:83926015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.37.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062914/; classtype:trojan-activity;sid:83926014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.211.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062913/; classtype:trojan-activity;sid:83926013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062912/; classtype:trojan-activity;sid:83926012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.170.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062911/; classtype:trojan-activity;sid:83926011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.152.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062910/; classtype:trojan-activity;sid:83926010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.0.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062909/; classtype:trojan-activity;sid:83926009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.4.62.105"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062908/; classtype:trojan-activity;sid:83926008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.91.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062906/; classtype:trojan-activity;sid:83926006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062907/; classtype:trojan-activity;sid:83926007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.204.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062904/; classtype:trojan-activity;sid:83926004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.80.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062905/; classtype:trojan-activity;sid:83926005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062903/; classtype:trojan-activity;sid:83926003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062902)"; flow:established,from_client; content:"GET"; http_method; content:"/yvaelqbemcpe176.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"204.10.160.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062902/; classtype:trojan-activity;sid:83926002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062900)"; flow:established,from_client; content:"GET"; http_method; content:"/dkhsaugagjnrjg147.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"204.10.160.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062900/; classtype:trojan-activity;sid:83926000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062901/; classtype:trojan-activity;sid:83926001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.219.13.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062899/; classtype:trojan-activity;sid:83925999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062898)"; flow:established,from_client; content:"GET"; http_method; content:"/qvjidnki74.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.93.222.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062898/; classtype:trojan-activity;sid:83925998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062897/; classtype:trojan-activity;sid:83925997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.183.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062896/; classtype:trojan-activity;sid:83925996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.22.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062895/; classtype:trojan-activity;sid:83925995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.2.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062894/; classtype:trojan-activity;sid:83925994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062893/; classtype:trojan-activity;sid:83925993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.112.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062892/; classtype:trojan-activity;sid:83925992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062891)"; flow:established,from_client; content:"GET"; http_method; content:"/blink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.90.22.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062891/; classtype:trojan-activity;sid:83925991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.174.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062890/; classtype:trojan-activity;sid:83925990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.211.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062889/; classtype:trojan-activity;sid:83925989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062887/; classtype:trojan-activity;sid:83925987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.40.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062888/; classtype:trojan-activity;sid:83925988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062886/; classtype:trojan-activity;sid:83925986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062885/; classtype:trojan-activity;sid:83925985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062884/; classtype:trojan-activity;sid:83925984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.109.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062883/; classtype:trojan-activity;sid:83925983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062882)"; flow:established,from_client; content:"GET"; http_method; content:"/90290/somethingnewthingsareupmeforgirls.gif"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"172.245.123.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062882/; classtype:trojan-activity;sid:83925982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.141.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062881/; classtype:trojan-activity;sid:83925981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062880)"; flow:established,from_client; content:"GET"; http_method; content:"/90290/gdc/somethingnewthingsarecomingtomyhandwhichgivenmeagreatthingsintothehandsheis_________________verybeautiygirlwhoilovedmealotsheismygirl.doc"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"172.245.123.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062880/; classtype:trojan-activity;sid:83925980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.180.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062879/; classtype:trojan-activity;sid:83925979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.215.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062878/; classtype:trojan-activity;sid:83925978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062877)"; flow:established,from_client; content:"GET"; http_method; content:"/52/rgg/simplethingshappeningnewthingstobegetinbackmywordsintheworldthingstogetbackheresheisgreatthingstobeinline________________sheiswhattogetbacksheisgreat.doc"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"91.134.103.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062877/; classtype:trojan-activity;sid:83925977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062876)"; flow:established,from_client; content:"GET"; http_method; content:"/52/simplethingstohappenedarethings.gif"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"91.134.103.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062876/; classtype:trojan-activity;sid:83925976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062875)"; flow:established,from_client; content:"GET"; http_method; content:"/938/gu/simplethingseverywherehappeningwithgreatthingstobeonlinewithgreatattitudeandentirethingsgreat_______wenicetogetmebackwithnew.doc"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"46.183.222.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062875/; classtype:trojan-activity;sid:83925975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062874)"; flow:established,from_client; content:"GET"; http_method; content:"/938/simpleweightcreatednicething.gif"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"46.183.222.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062874/; classtype:trojan-activity;sid:83925974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.165.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062873/; classtype:trojan-activity;sid:83925973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062870)"; flow:established,from_client; content:"GET"; http_method; content:"/thissystemchangingentireprocessverygreattounderstandallthingsaregoodtohear___hehavingthegreatresultsbacktothegirlshand.doc"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"107.175.229.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062870/; classtype:trojan-activity;sid:83925970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062871)"; flow:established,from_client; content:"GET"; http_method; content:"/mydatinglifeissoggod.vbs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"107.175.229.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062871/; classtype:trojan-activity;sid:83925971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.245.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062872/; classtype:trojan-activity;sid:83925972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062867)"; flow:established,from_client; content:"GET"; http_method; content:"/55255/newgetibbackweunderstandgreatnew.gif"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"54.38.139.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062867/; classtype:trojan-activity;sid:83925967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062868)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/sab5sspz/paste1.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pastecode.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062868/; classtype:trojan-activity;sid:83925968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062869)"; flow:established,from_client; content:"GET"; http_method; content:"/55255/hbv/wewillgetitbackwithnewthingstounderstandwhatkindofthingsyoupeoplesaredoingwtihmeiamgetinbacktowithme________sheisverybeautifulgirlalwaysiknowwelll.doc"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"54.38.139.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062869/; classtype:trojan-activity;sid:83925969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062866)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.61.134.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062866/; classtype:trojan-activity;sid:83925966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.134.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062865/; classtype:trojan-activity;sid:83925965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.251.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062864/; classtype:trojan-activity;sid:83925964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.99.223.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062863/; classtype:trojan-activity;sid:83925963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062862/; classtype:trojan-activity;sid:83925962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062861/; classtype:trojan-activity;sid:83925961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062859/; classtype:trojan-activity;sid:83925959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062860/; classtype:trojan-activity;sid:83925960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.35.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062858/; classtype:trojan-activity;sid:83925958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.178.248.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062857/; classtype:trojan-activity;sid:83925957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062856/; classtype:trojan-activity;sid:83925956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.213.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062855/; classtype:trojan-activity;sid:83925955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.248.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062854/; classtype:trojan-activity;sid:83925954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.112.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062853/; classtype:trojan-activity;sid:83925953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062852/; classtype:trojan-activity;sid:83925952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062851/; classtype:trojan-activity;sid:83925951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.26.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062850/; classtype:trojan-activity;sid:83925950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.172.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062849/; classtype:trojan-activity;sid:83925949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.39.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062848/; classtype:trojan-activity;sid:83925948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.86.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062847/; classtype:trojan-activity;sid:83925947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.100.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062846/; classtype:trojan-activity;sid:83925946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.87.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062843/; classtype:trojan-activity;sid:83925943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062844/; classtype:trojan-activity;sid:83925944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.95.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062845/; classtype:trojan-activity;sid:83925945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.166.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062841/; classtype:trojan-activity;sid:83925941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062842)"; flow:established,from_client; content:"GET"; http_method; content:"/42/winiti.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.46.178.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062842/; classtype:trojan-activity;sid:83925942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.192.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062839/; classtype:trojan-activity;sid:83925939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062840/; classtype:trojan-activity;sid:83925940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062838/; classtype:trojan-activity;sid:83925938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.111.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062837/; classtype:trojan-activity;sid:83925937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.167.129.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062836/; classtype:trojan-activity;sid:83925936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.150.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062835/; classtype:trojan-activity;sid:83925935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.151.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062833/; classtype:trojan-activity;sid:83925933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062834/; classtype:trojan-activity;sid:83925934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.34.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062831/; classtype:trojan-activity;sid:83925931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.199.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062832/; classtype:trojan-activity;sid:83925932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.172.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062830/; classtype:trojan-activity;sid:83925930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.147.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062828/; classtype:trojan-activity;sid:83925928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.211.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062829/; classtype:trojan-activity;sid:83925929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.168.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062827/; classtype:trojan-activity;sid:83925927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062826/; classtype:trojan-activity;sid:83925926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.43.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062825/; classtype:trojan-activity;sid:83925925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062824/; classtype:trojan-activity;sid:83925924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.104.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062823/; classtype:trojan-activity;sid:83925923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.253.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062822/; classtype:trojan-activity;sid:83925922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062820/; classtype:trojan-activity;sid:83925920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.83.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062821/; classtype:trojan-activity;sid:83925921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062819/; classtype:trojan-activity;sid:83925919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.157.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062818/; classtype:trojan-activity;sid:83925918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062817/; classtype:trojan-activity;sid:83925917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.214.33.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062816/; classtype:trojan-activity;sid:83925916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.126.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062815/; classtype:trojan-activity;sid:83925915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.86.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062814/; classtype:trojan-activity;sid:83925914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.147.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062812/; classtype:trojan-activity;sid:83925912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062813/; classtype:trojan-activity;sid:83925913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.167.129.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062811/; classtype:trojan-activity;sid:83925911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.140.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062810/; classtype:trojan-activity;sid:83925910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.67.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062809/; classtype:trojan-activity;sid:83925909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.150.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062808/; classtype:trojan-activity;sid:83925908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.211.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062807/; classtype:trojan-activity;sid:83925907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.212.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062806/; classtype:trojan-activity;sid:83925906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062805/; classtype:trojan-activity;sid:83925905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.239.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062804/; classtype:trojan-activity;sid:83925904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.34.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062803/; classtype:trojan-activity;sid:83925903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062802/; classtype:trojan-activity;sid:83925902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062801/; classtype:trojan-activity;sid:83925901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062799/; classtype:trojan-activity;sid:83925899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.126.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062800/; classtype:trojan-activity;sid:83925900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.138.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062798/; classtype:trojan-activity;sid:83925898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.223.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062797/; classtype:trojan-activity;sid:83925897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062794/; classtype:trojan-activity;sid:83925894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.43.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062795/; classtype:trojan-activity;sid:83925895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.7.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062796/; classtype:trojan-activity;sid:83925896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.26.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062792/; classtype:trojan-activity;sid:83925892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.86.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062793/; classtype:trojan-activity;sid:83925893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.26.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062791/; classtype:trojan-activity;sid:83925891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.104.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062790/; classtype:trojan-activity;sid:83925890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.225.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062789/; classtype:trojan-activity;sid:83925889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.83.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062788/; classtype:trojan-activity;sid:83925888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.126.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062787/; classtype:trojan-activity;sid:83925887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.253.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062786/; classtype:trojan-activity;sid:83925886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062785/; classtype:trojan-activity;sid:83925885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062784/; classtype:trojan-activity;sid:83925884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.235.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062783/; classtype:trojan-activity;sid:83925883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.204.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062782/; classtype:trojan-activity;sid:83925882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.149.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062781/; classtype:trojan-activity;sid:83925881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062780/; classtype:trojan-activity;sid:83925880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.82.114.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062778/; classtype:trojan-activity;sid:83925878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062779/; classtype:trojan-activity;sid:83925879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.167.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062777/; classtype:trojan-activity;sid:83925877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.246.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062775/; classtype:trojan-activity;sid:83925875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.180.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062776/; classtype:trojan-activity;sid:83925876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.230.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062774/; classtype:trojan-activity;sid:83925874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062773/; classtype:trojan-activity;sid:83925873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.217.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062772/; classtype:trojan-activity;sid:83925872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.68.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062771/; classtype:trojan-activity;sid:83925871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062770/; classtype:trojan-activity;sid:83925870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.42.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062769/; classtype:trojan-activity;sid:83925869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.239.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062768/; classtype:trojan-activity;sid:83925868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.249.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062765/; classtype:trojan-activity;sid:83925865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.75.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062766/; classtype:trojan-activity;sid:83925866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.208.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062767/; classtype:trojan-activity;sid:83925867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.33.220.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062764/; classtype:trojan-activity;sid:83925864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.39.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062763/; classtype:trojan-activity;sid:83925863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.247.161.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062762/; classtype:trojan-activity;sid:83925862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.236.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062761/; classtype:trojan-activity;sid:83925861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062760/; classtype:trojan-activity;sid:83925860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.82.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062759/; classtype:trojan-activity;sid:83925859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.138.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062758/; classtype:trojan-activity;sid:83925858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.241.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062757/; classtype:trojan-activity;sid:83925857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062755/; classtype:trojan-activity;sid:83925855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.105.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062756/; classtype:trojan-activity;sid:83925856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.86.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062754/; classtype:trojan-activity;sid:83925854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062753/; classtype:trojan-activity;sid:83925853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.212.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062752/; classtype:trojan-activity;sid:83925852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.225.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062751/; classtype:trojan-activity;sid:83925851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062749/; classtype:trojan-activity;sid:83925849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062750/; classtype:trojan-activity;sid:83925850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.90.162.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062748/; classtype:trojan-activity;sid:83925848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.91.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062747/; classtype:trojan-activity;sid:83925847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.235.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062746/; classtype:trojan-activity;sid:83925846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.26.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062745/; classtype:trojan-activity;sid:83925845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.250.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062744/; classtype:trojan-activity;sid:83925844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062743/; classtype:trojan-activity;sid:83925843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062742/; classtype:trojan-activity;sid:83925842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.156.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062740/; classtype:trojan-activity;sid:83925840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062741/; classtype:trojan-activity;sid:83925841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.167.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062738/; classtype:trojan-activity;sid:83925838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.0.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062739/; classtype:trojan-activity;sid:83925839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.195.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062737/; classtype:trojan-activity;sid:83925837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.216.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062736/; classtype:trojan-activity;sid:83925836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.86.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062735/; classtype:trojan-activity;sid:83925835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062734)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/b4ce62dc9494a376fcfd914dd9b637a3/201.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.203.8.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062734/; classtype:trojan-activity;sid:83925834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.46.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062733/; classtype:trojan-activity;sid:83925833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.32.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062732/; classtype:trojan-activity;sid:83925832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.33.220.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062730/; classtype:trojan-activity;sid:83925830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.149.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062731/; classtype:trojan-activity;sid:83925831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.11.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062728/; classtype:trojan-activity;sid:83925828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.249.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062729/; classtype:trojan-activity;sid:83925829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062727/; classtype:trojan-activity;sid:83925827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062726/; classtype:trojan-activity;sid:83925826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.236.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062725/; classtype:trojan-activity;sid:83925825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.140.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062723/; classtype:trojan-activity;sid:83925823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.212.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062724/; classtype:trojan-activity;sid:83925824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062722)"; flow:established,from_client; content:"GET"; http_method; content:"/data/1.dat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.215.85.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062722/; classtype:trojan-activity;sid:83925822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.185.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062721/; classtype:trojan-activity;sid:83925821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.74.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062720/; classtype:trojan-activity;sid:83925820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.44.151.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062719/; classtype:trojan-activity;sid:83925819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.222.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062718/; classtype:trojan-activity;sid:83925818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062717/; classtype:trojan-activity;sid:83925817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.231.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062715/; classtype:trojan-activity;sid:83925815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.247.161.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062716/; classtype:trojan-activity;sid:83925816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062714/; classtype:trojan-activity;sid:83925814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062713/; classtype:trojan-activity;sid:83925813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.90.162.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062712/; classtype:trojan-activity;sid:83925812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.207.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062711/; classtype:trojan-activity;sid:83925811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.78.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062710/; classtype:trojan-activity;sid:83925810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.184.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062709/; classtype:trojan-activity;sid:83925809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062708/; classtype:trojan-activity;sid:83925808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.101.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062707/; classtype:trojan-activity;sid:83925807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.187.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062706/; classtype:trojan-activity;sid:83925806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062705/; classtype:trojan-activity;sid:83925805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.198.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062704/; classtype:trojan-activity;sid:83925804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062703/; classtype:trojan-activity;sid:83925803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062702)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"184.186.101.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062702/; classtype:trojan-activity;sid:83925802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062695)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"219.155.208.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062695/; classtype:trojan-activity;sid:83925795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.11.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062696/; classtype:trojan-activity;sid:83925796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062697)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"42.230.57.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062697/; classtype:trojan-activity;sid:83925797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062698)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"80.202.217.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062698/; classtype:trojan-activity;sid:83925798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062699)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"115.61.14.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062699/; classtype:trojan-activity;sid:83925799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.89.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062700/; classtype:trojan-activity;sid:83925800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062701)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"98.167.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062701/; classtype:trojan-activity;sid:83925801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.218.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062694/; classtype:trojan-activity;sid:83925794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.214.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062693/; classtype:trojan-activity;sid:83925793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062692/; classtype:trojan-activity;sid:83925792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062691/; classtype:trojan-activity;sid:83925791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062690/; classtype:trojan-activity;sid:83925790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.238.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062688/; classtype:trojan-activity;sid:83925788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.131.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062689/; classtype:trojan-activity;sid:83925789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.185.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062687/; classtype:trojan-activity;sid:83925787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062686/; classtype:trojan-activity;sid:83925786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.124.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062685/; classtype:trojan-activity;sid:83925785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062684/; classtype:trojan-activity;sid:83925784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.179.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062683/; classtype:trojan-activity;sid:83925783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.2.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062682/; classtype:trojan-activity;sid:83925782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.129.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062681/; classtype:trojan-activity;sid:83925781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062678/; classtype:trojan-activity;sid:83925778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.50.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062679/; classtype:trojan-activity;sid:83925779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.209.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062680/; classtype:trojan-activity;sid:83925780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.184.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062677/; classtype:trojan-activity;sid:83925777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062676/; classtype:trojan-activity;sid:83925776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.215.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062675/; classtype:trojan-activity;sid:83925775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.29.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062674/; classtype:trojan-activity;sid:83925774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062672)"; flow:established,from_client; content:"GET"; http_method; content:"/55/winiti.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.254.211.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062672/; classtype:trojan-activity;sid:83925772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062673)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/bvg/simplethingstobegetbacktomewithentirethingsgoinggreatwithnewthingswhichgivenme___________shisgreatthingstobeongreatthingstobeone.doc"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"23.254.211.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062673/; classtype:trojan-activity;sid:83925773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.101.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062671/; classtype:trojan-activity;sid:83925771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062670/; classtype:trojan-activity;sid:83925770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.232.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062669/; classtype:trojan-activity;sid:83925769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.234.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062668/; classtype:trojan-activity;sid:83925768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.216.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062667/; classtype:trojan-activity;sid:83925767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.225.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062663/; classtype:trojan-activity;sid:83925763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062664)"; flow:established,from_client; content:"GET"; http_method; content:"/rj.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.156.25.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062664/; classtype:trojan-activity;sid:83925764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062665)"; flow:established,from_client; content:"GET"; http_method; content:"/1212.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.156.25.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062665/; classtype:trojan-activity;sid:83925765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062666)"; flow:established,from_client; content:"GET"; http_method; content:"/8.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.156.25.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062666/; classtype:trojan-activity;sid:83925766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.249.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062662/; classtype:trojan-activity;sid:83925762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.30.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062661/; classtype:trojan-activity;sid:83925761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.177.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062660/; classtype:trojan-activity;sid:83925760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.11.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062659/; classtype:trojan-activity;sid:83925759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.43.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062658/; classtype:trojan-activity;sid:83925758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.214.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062657/; classtype:trojan-activity;sid:83925757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062656/; classtype:trojan-activity;sid:83925756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.0.118"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062655/; classtype:trojan-activity;sid:83925755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.99.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062654/; classtype:trojan-activity;sid:83925754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.99.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062653/; classtype:trojan-activity;sid:83925753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062652/; classtype:trojan-activity;sid:83925752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.192.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062651/; classtype:trojan-activity;sid:83925751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.46.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062649/; classtype:trojan-activity;sid:83925749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062650)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.249.48.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062650/; classtype:trojan-activity;sid:83925750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062648)"; flow:established,from_client; content:"GET"; http_method; content:"/bc4253af8601a575/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"85.28.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062648/; classtype:trojan-activity;sid:83925748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.13.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062647/; classtype:trojan-activity;sid:83925747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062641)"; flow:established,from_client; content:"GET"; http_method; content:"/bc4253af8601a575/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062641/; classtype:trojan-activity;sid:83925741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062642)"; flow:established,from_client; content:"GET"; http_method; content:"/7939a6d45c749897/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062642/; classtype:trojan-activity;sid:83925742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062643)"; flow:established,from_client; content:"GET"; http_method; content:"/bc4253af8601a575/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062643/; classtype:trojan-activity;sid:83925743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062644)"; flow:established,from_client; content:"GET"; http_method; content:"/7939a6d45c749897/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062644/; classtype:trojan-activity;sid:83925744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062645)"; flow:established,from_client; content:"GET"; http_method; content:"/bc4253af8601a575/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062645/; classtype:trojan-activity;sid:83925745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062646)"; flow:established,from_client; content:"GET"; http_method; content:"/7939a6d45c749897/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"85.28.47.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062646/; classtype:trojan-activity;sid:83925746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062638)"; flow:established,from_client; content:"GET"; http_method; content:"/7939a6d45c749897/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062638/; classtype:trojan-activity;sid:83925738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062639)"; flow:established,from_client; content:"GET"; http_method; content:"/7939a6d45c749897/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"85.28.47.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062639/; classtype:trojan-activity;sid:83925739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.254.205.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062640/; classtype:trojan-activity;sid:83925740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062633)"; flow:established,from_client; content:"GET"; http_method; content:"/7939a6d45c749897/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062633/; classtype:trojan-activity;sid:83925733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062634)"; flow:established,from_client; content:"GET"; http_method; content:"/bc4253af8601a575/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062634/; classtype:trojan-activity;sid:83925734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062635)"; flow:established,from_client; content:"GET"; http_method; content:"/bc4253af8601a575/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062635/; classtype:trojan-activity;sid:83925735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062636)"; flow:established,from_client; content:"GET"; http_method; content:"/bc4253af8601a575/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"85.28.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062636/; classtype:trojan-activity;sid:83925736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062637)"; flow:established,from_client; content:"GET"; http_method; content:"/7939a6d45c749897/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062637/; classtype:trojan-activity;sid:83925737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062632/; classtype:trojan-activity;sid:83925732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062631/; classtype:trojan-activity;sid:83925731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.114.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062630/; classtype:trojan-activity;sid:83925730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062629/; classtype:trojan-activity;sid:83925729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.121.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062628/; classtype:trojan-activity;sid:83925728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062627/; classtype:trojan-activity;sid:83925727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.210.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062626/; classtype:trojan-activity;sid:83925726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062621)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/purchase%20_order_0000089.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"198.23.200.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062621/; classtype:trojan-activity;sid:83925721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062622/; classtype:trojan-activity;sid:83925722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062623)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/purchase%20_order_0000089.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"198.23.200.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062623/; classtype:trojan-activity;sid:83925723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062624)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/doc_00394039424.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"198.23.200.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062624/; classtype:trojan-activity;sid:83925724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062625)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/doc_00394039424.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"198.23.200.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062625/; classtype:trojan-activity;sid:83925725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.184.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062620/; classtype:trojan-activity;sid:83925720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.188.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062617/; classtype:trojan-activity;sid:83925717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.250.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062618/; classtype:trojan-activity;sid:83925718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.217.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062619/; classtype:trojan-activity;sid:83925719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062616/; classtype:trojan-activity;sid:83925716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.85.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062615/; classtype:trojan-activity;sid:83925715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.132.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062613/; classtype:trojan-activity;sid:83925713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062614/; classtype:trojan-activity;sid:83925714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.249.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062612/; classtype:trojan-activity;sid:83925712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062611/; classtype:trojan-activity;sid:83925711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.234.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062610/; classtype:trojan-activity;sid:83925710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.104.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062609/; classtype:trojan-activity;sid:83925709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.0.118"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062608/; classtype:trojan-activity;sid:83925708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.254.205.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062607/; classtype:trojan-activity;sid:83925707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062606/; classtype:trojan-activity;sid:83925706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.13.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062605/; classtype:trojan-activity;sid:83925705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.135.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062603/; classtype:trojan-activity;sid:83925703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.130.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062604/; classtype:trojan-activity;sid:83925704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.127.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062600/; classtype:trojan-activity;sid:83925700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.111.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062601/; classtype:trojan-activity;sid:83925701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062602/; classtype:trojan-activity;sid:83925702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.251.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062599/; classtype:trojan-activity;sid:83925699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.246.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062598/; classtype:trojan-activity;sid:83925698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062597/; classtype:trojan-activity;sid:83925697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062596/; classtype:trojan-activity;sid:83925696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.210.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062595/; classtype:trojan-activity;sid:83925695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062594/; classtype:trojan-activity;sid:83925694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.184.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062593/; classtype:trojan-activity;sid:83925693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.31.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062592/; classtype:trojan-activity;sid:83925692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.188.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062591/; classtype:trojan-activity;sid:83925691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.132.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062590/; classtype:trojan-activity;sid:83925690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.241.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062589/; classtype:trojan-activity;sid:83925689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.251.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062588/; classtype:trojan-activity;sid:83925688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.57.35.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062587/; classtype:trojan-activity;sid:83925687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062586/; classtype:trojan-activity;sid:83925686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.71.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062585/; classtype:trojan-activity;sid:83925685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062584/; classtype:trojan-activity;sid:83925684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.46.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062583/; classtype:trojan-activity;sid:83925683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062581/; classtype:trojan-activity;sid:83925681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.230.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062582/; classtype:trojan-activity;sid:83925682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.245.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062580/; classtype:trojan-activity;sid:83925680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.170.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062579/; classtype:trojan-activity;sid:83925679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.180.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062578/; classtype:trojan-activity;sid:83925678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.78.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062577/; classtype:trojan-activity;sid:83925677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.105.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062576/; classtype:trojan-activity;sid:83925676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062573/; classtype:trojan-activity;sid:83925673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.183.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062574/; classtype:trojan-activity;sid:83925674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.159.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062575/; classtype:trojan-activity;sid:83925675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.242.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062572/; classtype:trojan-activity;sid:83925672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062571/; classtype:trojan-activity;sid:83925671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062570/; classtype:trojan-activity;sid:83925670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.67.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062568/; classtype:trojan-activity;sid:83925668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062569/; classtype:trojan-activity;sid:83925669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062567/; classtype:trojan-activity;sid:83925667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.225.118.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062566/; classtype:trojan-activity;sid:83925666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062565/; classtype:trojan-activity;sid:83925665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.82.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062564/; classtype:trojan-activity;sid:83925664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.1.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062563/; classtype:trojan-activity;sid:83925663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.199.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062562/; classtype:trojan-activity;sid:83925662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062561/; classtype:trojan-activity;sid:83925661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062560/; classtype:trojan-activity;sid:83925660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062559/; classtype:trojan-activity;sid:83925659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.146.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062558/; classtype:trojan-activity;sid:83925658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.57.35.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062557/; classtype:trojan-activity;sid:83925657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.53.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062556/; classtype:trojan-activity;sid:83925656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.248.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062554/; classtype:trojan-activity;sid:83925654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062555)"; flow:established,from_client; content:"GET"; http_method; content:"/935/gb/hersomethingnewhaveforwintogetmebackthroughentirethingstounderstandgirlsheisverynice______________________girlloversseethistowindthematchtome.doc"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"46.183.222.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062555/; classtype:trojan-activity;sid:83925655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062553)"; flow:established,from_client; content:"GET"; http_method; content:"/935/crosscheckupdationsonhere.gif"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.183.222.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062553/; classtype:trojan-activity;sid:83925653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.164.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062552/; classtype:trojan-activity;sid:83925652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062551/; classtype:trojan-activity;sid:83925651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.109.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062550/; classtype:trojan-activity;sid:83925650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.176.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062549/; classtype:trojan-activity;sid:83925649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.116.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062548/; classtype:trojan-activity;sid:83925648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.230.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062547/; classtype:trojan-activity;sid:83925647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.113.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062546/; classtype:trojan-activity;sid:83925646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.200.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062545/; classtype:trojan-activity;sid:83925645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.170.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062544/; classtype:trojan-activity;sid:83925644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.120.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062543/; classtype:trojan-activity;sid:83925643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.202.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062542/; classtype:trojan-activity;sid:83925642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.160.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062541/; classtype:trojan-activity;sid:83925641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062540/; classtype:trojan-activity;sid:83925640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.64.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062539/; classtype:trojan-activity;sid:83925639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062538/; classtype:trojan-activity;sid:83925638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.159.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062537/; classtype:trojan-activity;sid:83925637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.169.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062536/; classtype:trojan-activity;sid:83925636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062535/; classtype:trojan-activity;sid:83925635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.91.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062533/; classtype:trojan-activity;sid:83925633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.225.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062534/; classtype:trojan-activity;sid:83925634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.183.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062531/; classtype:trojan-activity;sid:83925631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062532/; classtype:trojan-activity;sid:83925632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.99.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062530/; classtype:trojan-activity;sid:83925630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.53.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062529/; classtype:trojan-activity;sid:83925629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.239.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062528/; classtype:trojan-activity;sid:83925628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062527/; classtype:trojan-activity;sid:83925627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.225.118.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062526/; classtype:trojan-activity;sid:83925626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.194.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062525/; classtype:trojan-activity;sid:83925625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062524/; classtype:trojan-activity;sid:83925624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.104.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062523/; classtype:trojan-activity;sid:83925623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062522/; classtype:trojan-activity;sid:83925622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062521/; classtype:trojan-activity;sid:83925621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062520/; classtype:trojan-activity;sid:83925620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.59.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062519/; classtype:trojan-activity;sid:83925619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.200.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062518/; classtype:trojan-activity;sid:83925618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.218.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062517/; classtype:trojan-activity;sid:83925617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062516/; classtype:trojan-activity;sid:83925616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062515/; classtype:trojan-activity;sid:83925615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.64.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062514/; classtype:trojan-activity;sid:83925614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.68.130.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062513/; classtype:trojan-activity;sid:83925613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.6.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062512/; classtype:trojan-activity;sid:83925612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.56.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062511/; classtype:trojan-activity;sid:83925611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.166.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062510/; classtype:trojan-activity;sid:83925610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062509/; classtype:trojan-activity;sid:83925609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062508/; classtype:trojan-activity;sid:83925608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.209.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062507/; classtype:trojan-activity;sid:83925607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.28.1"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062506/; classtype:trojan-activity;sid:83925606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.206.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062505/; classtype:trojan-activity;sid:83925605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.16.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062504/; classtype:trojan-activity;sid:83925604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.74.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062503/; classtype:trojan-activity;sid:83925603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.239.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062502/; classtype:trojan-activity;sid:83925602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062500/; classtype:trojan-activity;sid:83925600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062501/; classtype:trojan-activity;sid:83925601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.92.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062499/; classtype:trojan-activity;sid:83925599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.197.169.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062496/; classtype:trojan-activity;sid:83925596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.82.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062497/; classtype:trojan-activity;sid:83925597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.23.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062498/; classtype:trojan-activity;sid:83925598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062495/; classtype:trojan-activity;sid:83925595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062494/; classtype:trojan-activity;sid:83925594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.237.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062493/; classtype:trojan-activity;sid:83925593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.194.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062492/; classtype:trojan-activity;sid:83925592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062491)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"93.123.85.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062491/; classtype:trojan-activity;sid:83925591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062490/; classtype:trojan-activity;sid:83925590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.33.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062488/; classtype:trojan-activity;sid:83925588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.43.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062489/; classtype:trojan-activity;sid:83925589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.41.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062487/; classtype:trojan-activity;sid:83925587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.147.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062486/; classtype:trojan-activity;sid:83925586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.237.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062485/; classtype:trojan-activity;sid:83925585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.115.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062484/; classtype:trojan-activity;sid:83925584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062483/; classtype:trojan-activity;sid:83925583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.130.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062482/; classtype:trojan-activity;sid:83925582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.6.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062481/; classtype:trojan-activity;sid:83925581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062480/; classtype:trojan-activity;sid:83925580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.154.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062479/; classtype:trojan-activity;sid:83925579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.48.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062478/; classtype:trojan-activity;sid:83925578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062477)"; flow:established,from_client; content:"GET"; http_method; content:"/55433/winiti.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.46.178.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062477/; classtype:trojan-activity;sid:83925577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062474)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/me/megreatwithyourlovertothinkaboutthenewconceptgreaterthanbefore_________ireallylovingthisbewbeautytoinvolvethestructure.doc"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"198.46.178.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062474/; classtype:trojan-activity;sid:83925574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062475)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/uhb/uh/wethkingwearereallyamazingtogetmebackwithnewthingstounderstandbetterthingsforyou___________________sheisgreattounderstandwearego.doc"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"198.46.174.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062475/; classtype:trojan-activity;sid:83925575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062476)"; flow:established,from_client; content:"GET"; http_method; content:"/66077/winiti.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.46.174.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062476/; classtype:trojan-activity;sid:83925576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.92.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062473/; classtype:trojan-activity;sid:83925573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.56.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062472/; classtype:trojan-activity;sid:83925572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.238.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062471/; classtype:trojan-activity;sid:83925571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.92.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062470/; classtype:trojan-activity;sid:83925570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.173.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062468/; classtype:trojan-activity;sid:83925568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062469/; classtype:trojan-activity;sid:83925569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.73.186.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062466/; classtype:trojan-activity;sid:83925566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062467)"; flow:established,from_client; content:"GET"; http_method; content:"/ihjtsajvqtqrl48.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"212.162.149.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062467/; classtype:trojan-activity;sid:83925567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.46.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062465/; classtype:trojan-activity;sid:83925565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062464/; classtype:trojan-activity;sid:83925564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062463/; classtype:trojan-activity;sid:83925563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.250.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062461/; classtype:trojan-activity;sid:83925561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062462/; classtype:trojan-activity;sid:83925562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.221.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062460/; classtype:trojan-activity;sid:83925560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.17.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062459/; classtype:trojan-activity;sid:83925559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062458)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist32.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.131.3.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062458/; classtype:trojan-activity;sid:83925558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.95.169.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062456/; classtype:trojan-activity;sid:83925556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.237.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062457/; classtype:trojan-activity;sid:83925557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062455/; classtype:trojan-activity;sid:83925555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.92.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062454/; classtype:trojan-activity;sid:83925554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062453/; classtype:trojan-activity;sid:83925553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.33.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062452/; classtype:trojan-activity;sid:83925552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.237.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062451/; classtype:trojan-activity;sid:83925551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.91.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062450/; classtype:trojan-activity;sid:83925550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.234.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062449/; classtype:trojan-activity;sid:83925549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.210.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062448/; classtype:trojan-activity;sid:83925548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.106.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062447/; classtype:trojan-activity;sid:83925547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.109.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062446/; classtype:trojan-activity;sid:83925546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062445/; classtype:trojan-activity;sid:83925545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.234.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062443/; classtype:trojan-activity;sid:83925543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.41.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062444/; classtype:trojan-activity;sid:83925544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.62.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062442/; classtype:trojan-activity;sid:83925542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.154.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062441/; classtype:trojan-activity;sid:83925541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.186.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062440/; classtype:trojan-activity;sid:83925540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.92.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062437/; classtype:trojan-activity;sid:83925537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.58.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062438/; classtype:trojan-activity;sid:83925538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.193.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062439/; classtype:trojan-activity;sid:83925539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.76.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062436/; classtype:trojan-activity;sid:83925536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.136.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062435/; classtype:trojan-activity;sid:83925535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.92.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062434/; classtype:trojan-activity;sid:83925534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.164.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062433/; classtype:trojan-activity;sid:83925533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062431/; classtype:trojan-activity;sid:83925531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.162.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062432/; classtype:trojan-activity;sid:83925532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.175.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062430/; classtype:trojan-activity;sid:83925530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062429/; classtype:trojan-activity;sid:83925529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062426)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/b4ce62dc9494a376fcfd914dd9b637a3/201.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.203.8.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062426/; classtype:trojan-activity;sid:83925526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.189.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062427/; classtype:trojan-activity;sid:83925527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.140.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062428/; classtype:trojan-activity;sid:83925528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.219.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062425/; classtype:trojan-activity;sid:83925525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062424/; classtype:trojan-activity;sid:83925524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.254.232.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062423/; classtype:trojan-activity;sid:83925523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062422/; classtype:trojan-activity;sid:83925522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.24.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062421/; classtype:trojan-activity;sid:83925521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.250.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062420/; classtype:trojan-activity;sid:83925520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.4.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062419/; classtype:trojan-activity;sid:83925519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062418/; classtype:trojan-activity;sid:83925518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.136.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062417/; classtype:trojan-activity;sid:83925517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.73.186.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062416/; classtype:trojan-activity;sid:83925516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062415/; classtype:trojan-activity;sid:83925515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.210.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062414/; classtype:trojan-activity;sid:83925514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.47.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062413/; classtype:trojan-activity;sid:83925513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.129.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062412/; classtype:trojan-activity;sid:83925512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062411/; classtype:trojan-activity;sid:83925511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.234.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062410/; classtype:trojan-activity;sid:83925510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062409/; classtype:trojan-activity;sid:83925509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062408/; classtype:trojan-activity;sid:83925508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.193.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062407/; classtype:trojan-activity;sid:83925507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062406/; classtype:trojan-activity;sid:83925506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.213.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062405/; classtype:trojan-activity;sid:83925505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062404/; classtype:trojan-activity;sid:83925504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.1.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062403/; classtype:trojan-activity;sid:83925503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062400/; classtype:trojan-activity;sid:83925500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.153.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062401/; classtype:trojan-activity;sid:83925501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.4.177.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062402/; classtype:trojan-activity;sid:83925502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.28.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062399/; classtype:trojan-activity;sid:83925499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062398/; classtype:trojan-activity;sid:83925498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.58.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062397/; classtype:trojan-activity;sid:83925497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.91.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062396/; classtype:trojan-activity;sid:83925496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.8.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062395/; classtype:trojan-activity;sid:83925495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.92.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062394/; classtype:trojan-activity;sid:83925494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.190.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062392/; classtype:trojan-activity;sid:83925492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.40.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062393/; classtype:trojan-activity;sid:83925493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.118.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062391/; classtype:trojan-activity;sid:83925491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.35.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062390/; classtype:trojan-activity;sid:83925490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.236.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062389/; classtype:trojan-activity;sid:83925489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.250.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062388/; classtype:trojan-activity;sid:83925488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.225.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062387/; classtype:trojan-activity;sid:83925487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062385/; classtype:trojan-activity;sid:83925485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062386/; classtype:trojan-activity;sid:83925486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062384/; classtype:trojan-activity;sid:83925484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.127.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062383/; classtype:trojan-activity;sid:83925483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.231.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062381/; classtype:trojan-activity;sid:83925481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.208.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062382/; classtype:trojan-activity;sid:83925482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062380/; classtype:trojan-activity;sid:83925480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.175.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062379/; classtype:trojan-activity;sid:83925479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.46.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062375/; classtype:trojan-activity;sid:83925475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.247.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062376/; classtype:trojan-activity;sid:83925476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062377/; classtype:trojan-activity;sid:83925477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062378/; classtype:trojan-activity;sid:83925478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.83.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062374/; classtype:trojan-activity;sid:83925474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.47.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062372/; classtype:trojan-activity;sid:83925472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.129.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062373/; classtype:trojan-activity;sid:83925473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062371/; classtype:trojan-activity;sid:83925471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.174.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062370/; classtype:trojan-activity;sid:83925470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.8.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062368/; classtype:trojan-activity;sid:83925468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.193.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062369/; classtype:trojan-activity;sid:83925469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.28.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062367/; classtype:trojan-activity;sid:83925467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.151.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062364/; classtype:trojan-activity;sid:83925464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.220.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062365/; classtype:trojan-activity;sid:83925465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062366/; classtype:trojan-activity;sid:83925466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.4.177.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062363/; classtype:trojan-activity;sid:83925463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062362)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/45354646.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"77.91.77.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062362/; classtype:trojan-activity;sid:83925462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062361/; classtype:trojan-activity;sid:83925461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.99.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062360/; classtype:trojan-activity;sid:83925460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062359/; classtype:trojan-activity;sid:83925459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.250.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062358/; classtype:trojan-activity;sid:83925458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.240.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062356/; classtype:trojan-activity;sid:83925456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.82.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062357/; classtype:trojan-activity;sid:83925457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062355)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062355/; classtype:trojan-activity;sid:83925455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.83.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062354/; classtype:trojan-activity;sid:83925454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062353/; classtype:trojan-activity;sid:83925453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.29.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062352/; classtype:trojan-activity;sid:83925452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.208.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062351/; classtype:trojan-activity;sid:83925451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.254.2.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062350/; classtype:trojan-activity;sid:83925450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.195.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062349/; classtype:trojan-activity;sid:83925449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062347/; classtype:trojan-activity;sid:83925447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.127.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062348/; classtype:trojan-activity;sid:83925448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.206.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062346/; classtype:trojan-activity;sid:83925446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062345/; classtype:trojan-activity;sid:83925445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.174.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062344/; classtype:trojan-activity;sid:83925444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.92.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062343/; classtype:trojan-activity;sid:83925443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.34.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062342/; classtype:trojan-activity;sid:83925442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.231.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062341/; classtype:trojan-activity;sid:83925441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.164.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062340/; classtype:trojan-activity;sid:83925440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.180.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062339/; classtype:trojan-activity;sid:83925439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.186.101.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062338/; classtype:trojan-activity;sid:83925438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.142.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062337/; classtype:trojan-activity;sid:83925437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.93.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062336/; classtype:trojan-activity;sid:83925436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.174.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062335/; classtype:trojan-activity;sid:83925435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062334/; classtype:trojan-activity;sid:83925434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.51.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062333/; classtype:trojan-activity;sid:83925433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.77.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062332/; classtype:trojan-activity;sid:83925432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.28.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062331/; classtype:trojan-activity;sid:83925431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.220.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062330/; classtype:trojan-activity;sid:83925430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.97.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062329/; classtype:trojan-activity;sid:83925429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.23.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062328/; classtype:trojan-activity;sid:83925428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.50.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062327/; classtype:trojan-activity;sid:83925427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.69.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062326/; classtype:trojan-activity;sid:83925426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062325/; classtype:trojan-activity;sid:83925425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.156.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062324/; classtype:trojan-activity;sid:83925424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.240.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062323/; classtype:trojan-activity;sid:83925423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.116.10.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062321/; classtype:trojan-activity;sid:83925421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.85.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062322/; classtype:trojan-activity;sid:83925422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062320/; classtype:trojan-activity;sid:83925420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.34.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062318/; classtype:trojan-activity;sid:83925418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.184.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062319/; classtype:trojan-activity;sid:83925419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.251.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062317/; classtype:trojan-activity;sid:83925417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.174.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062316/; classtype:trojan-activity;sid:83925416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.93.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062315/; classtype:trojan-activity;sid:83925415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.206.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062314/; classtype:trojan-activity;sid:83925414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.185.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062313/; classtype:trojan-activity;sid:83925413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.247.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062312/; classtype:trojan-activity;sid:83925412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.248.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062310/; classtype:trojan-activity;sid:83925410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062311/; classtype:trojan-activity;sid:83925411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.206.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062309/; classtype:trojan-activity;sid:83925409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.43.54.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062308/; classtype:trojan-activity;sid:83925408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.212.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062307/; classtype:trojan-activity;sid:83925407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.184.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062306/; classtype:trojan-activity;sid:83925406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.151.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062305/; classtype:trojan-activity;sid:83925405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.64.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062304/; classtype:trojan-activity;sid:83925404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.85.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062303/; classtype:trojan-activity;sid:83925403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.51.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062302/; classtype:trojan-activity;sid:83925402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062301/; classtype:trojan-activity;sid:83925401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.41.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062300/; classtype:trojan-activity;sid:83925400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062299/; classtype:trojan-activity;sid:83925399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.97.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062298/; classtype:trojan-activity;sid:83925398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.23.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062297/; classtype:trojan-activity;sid:83925397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.85.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062296/; classtype:trojan-activity;sid:83925396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.213.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062294/; classtype:trojan-activity;sid:83925394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.73.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062295/; classtype:trojan-activity;sid:83925395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062293/; classtype:trojan-activity;sid:83925393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062291/; classtype:trojan-activity;sid:83925391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.151.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062292/; classtype:trojan-activity;sid:83925392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062290/; classtype:trojan-activity;sid:83925390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.90.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062289/; classtype:trojan-activity;sid:83925389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.206.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062288/; classtype:trojan-activity;sid:83925388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062285/; classtype:trojan-activity;sid:83925385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062286/; classtype:trojan-activity;sid:83925386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062287/; classtype:trojan-activity;sid:83925387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.127.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062284/; classtype:trojan-activity;sid:83925384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.10.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062283/; classtype:trojan-activity;sid:83925383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.243.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062282/; classtype:trojan-activity;sid:83925382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.53.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062281/; classtype:trojan-activity;sid:83925381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.184.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062280/; classtype:trojan-activity;sid:83925380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.9.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062279/; classtype:trojan-activity;sid:83925379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.215.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062277/; classtype:trojan-activity;sid:83925377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.184.135.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062278/; classtype:trojan-activity;sid:83925378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.145.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062276/; classtype:trojan-activity;sid:83925376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.212.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062275/; classtype:trojan-activity;sid:83925375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.159.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062274/; classtype:trojan-activity;sid:83925374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.93.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062273/; classtype:trojan-activity;sid:83925373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.203.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062272/; classtype:trojan-activity;sid:83925372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062271/; classtype:trojan-activity;sid:83925371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.45.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062270/; classtype:trojan-activity;sid:83925370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062269/; classtype:trojan-activity;sid:83925369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.66.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062267/; classtype:trojan-activity;sid:83925367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062268/; classtype:trojan-activity;sid:83925368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.145.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062266/; classtype:trojan-activity;sid:83925366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062265/; classtype:trojan-activity;sid:83925365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.48.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062263/; classtype:trojan-activity;sid:83925363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.28.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062264/; classtype:trojan-activity;sid:83925364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062260/; classtype:trojan-activity;sid:83925360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062261/; classtype:trojan-activity;sid:83925361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062262/; classtype:trojan-activity;sid:83925362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.57.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062259/; classtype:trojan-activity;sid:83925359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062256/; classtype:trojan-activity;sid:83925356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.98.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062257/; classtype:trojan-activity;sid:83925357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062258/; classtype:trojan-activity;sid:83925358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.90.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062255/; classtype:trojan-activity;sid:83925355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062254/; classtype:trojan-activity;sid:83925354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062253/; classtype:trojan-activity;sid:83925353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.53.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062252/; classtype:trojan-activity;sid:83925352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.211.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062251/; classtype:trojan-activity;sid:83925351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.11.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062250/; classtype:trojan-activity;sid:83925350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.9.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062249/; classtype:trojan-activity;sid:83925349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.220.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062248/; classtype:trojan-activity;sid:83925348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.106.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062247/; classtype:trojan-activity;sid:83925347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.227.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062246/; classtype:trojan-activity;sid:83925346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.34.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062244/; classtype:trojan-activity;sid:83925344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.166.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062245/; classtype:trojan-activity;sid:83925345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.240.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062243/; classtype:trojan-activity;sid:83925343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.83.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062242/; classtype:trojan-activity;sid:83925342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.159.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062241/; classtype:trojan-activity;sid:83925341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.66.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062240/; classtype:trojan-activity;sid:83925340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.66.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062239/; classtype:trojan-activity;sid:83925339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.13.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062238/; classtype:trojan-activity;sid:83925338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.54.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062236/; classtype:trojan-activity;sid:83925336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062237/; classtype:trojan-activity;sid:83925337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.145.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062235/; classtype:trojan-activity;sid:83925335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.131.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062234/; classtype:trojan-activity;sid:83925334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.251.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062232/; classtype:trojan-activity;sid:83925332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062233/; classtype:trojan-activity;sid:83925333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062231/; classtype:trojan-activity;sid:83925331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062230/; classtype:trojan-activity;sid:83925330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.28.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062229/; classtype:trojan-activity;sid:83925329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.56.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062228/; classtype:trojan-activity;sid:83925328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.48.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062227/; classtype:trojan-activity;sid:83925327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.60.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062226/; classtype:trojan-activity;sid:83925326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062224/; classtype:trojan-activity;sid:83925324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.90.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062225/; classtype:trojan-activity;sid:83925325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.206.84.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062223/; classtype:trojan-activity;sid:83925323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.11.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062222/; classtype:trojan-activity;sid:83925322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062221/; classtype:trojan-activity;sid:83925321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.10.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062219/; classtype:trojan-activity;sid:83925319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.240.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062220/; classtype:trojan-activity;sid:83925320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.173.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062218/; classtype:trojan-activity;sid:83925318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.36.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062217/; classtype:trojan-activity;sid:83925317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.14.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062216/; classtype:trojan-activity;sid:83925316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.206.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062215/; classtype:trojan-activity;sid:83925315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.184.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062214/; classtype:trojan-activity;sid:83925314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.168"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062213/; classtype:trojan-activity;sid:83925313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.240.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062212/; classtype:trojan-activity;sid:83925312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.169.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062211/; classtype:trojan-activity;sid:83925311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062209/; classtype:trojan-activity;sid:83925309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.54.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062210/; classtype:trojan-activity;sid:83925310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.77.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062208/; classtype:trojan-activity;sid:83925308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.56.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062207/; classtype:trojan-activity;sid:83925307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.83.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062206/; classtype:trojan-activity;sid:83925306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.7.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062205/; classtype:trojan-activity;sid:83925305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.251.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062204/; classtype:trojan-activity;sid:83925304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.0.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062202/; classtype:trojan-activity;sid:83925302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.131.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062203/; classtype:trojan-activity;sid:83925303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062201/; classtype:trojan-activity;sid:83925301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.243.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062199/; classtype:trojan-activity;sid:83925299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.183.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062200/; classtype:trojan-activity;sid:83925300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.183.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062197/; classtype:trojan-activity;sid:83925297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.246.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062198/; classtype:trojan-activity;sid:83925298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062196/; classtype:trojan-activity;sid:83925296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.56.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062195/; classtype:trojan-activity;sid:83925295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.24.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062194/; classtype:trojan-activity;sid:83925294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.60.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062193/; classtype:trojan-activity;sid:83925293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.127.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062190/; classtype:trojan-activity;sid:83925290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.42.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062191/; classtype:trojan-activity;sid:83925291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062192/; classtype:trojan-activity;sid:83925292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.116.47.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062189/; classtype:trojan-activity;sid:83925289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.90.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062188/; classtype:trojan-activity;sid:83925288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.10.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062187/; classtype:trojan-activity;sid:83925287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.242.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062186/; classtype:trojan-activity;sid:83925286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.36.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062185/; classtype:trojan-activity;sid:83925285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.237.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062184/; classtype:trojan-activity;sid:83925284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.211.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062183/; classtype:trojan-activity;sid:83925283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.14.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062182/; classtype:trojan-activity;sid:83925282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.118.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062181/; classtype:trojan-activity;sid:83925281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.210.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062180/; classtype:trojan-activity;sid:83925280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.3.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062179/; classtype:trojan-activity;sid:83925279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.183.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062178/; classtype:trojan-activity;sid:83925278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062176/; classtype:trojan-activity;sid:83925276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.9.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062177/; classtype:trojan-activity;sid:83925277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.0.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062175/; classtype:trojan-activity;sid:83925275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.22.217.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062174/; classtype:trojan-activity;sid:83925274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.195.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062173/; classtype:trojan-activity;sid:83925273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062171/; classtype:trojan-activity;sid:83925271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.34.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062172/; classtype:trojan-activity;sid:83925272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062170/; classtype:trojan-activity;sid:83925270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.24.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062169/; classtype:trojan-activity;sid:83925269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062168/; classtype:trojan-activity;sid:83925268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.167.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062167/; classtype:trojan-activity;sid:83925267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062166/; classtype:trojan-activity;sid:83925266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.70.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062164/; classtype:trojan-activity;sid:83925264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.237.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062165/; classtype:trojan-activity;sid:83925265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.190.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062163/; classtype:trojan-activity;sid:83925263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.180.111.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062162/; classtype:trojan-activity;sid:83925262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.240.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062161/; classtype:trojan-activity;sid:83925261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.246.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062160/; classtype:trojan-activity;sid:83925260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062159/; classtype:trojan-activity;sid:83925259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.230.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062158/; classtype:trojan-activity;sid:83925258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.69.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062157/; classtype:trojan-activity;sid:83925257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.149.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062156/; classtype:trojan-activity;sid:83925256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.146.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062155/; classtype:trojan-activity;sid:83925255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062154/; classtype:trojan-activity;sid:83925254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.169.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062153/; classtype:trojan-activity;sid:83925253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.43.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062152/; classtype:trojan-activity;sid:83925252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.86.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062151/; classtype:trojan-activity;sid:83925251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.62.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062150/; classtype:trojan-activity;sid:83925250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.118.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062149/; classtype:trojan-activity;sid:83925249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062148/; classtype:trojan-activity;sid:83925248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.162.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062147/; classtype:trojan-activity;sid:83925247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.174.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062146/; classtype:trojan-activity;sid:83925246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.3.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062145/; classtype:trojan-activity;sid:83925245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.54.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062144/; classtype:trojan-activity;sid:83925244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062143/; classtype:trojan-activity;sid:83925243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.197.26.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062142/; classtype:trojan-activity;sid:83925242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.176.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062141/; classtype:trojan-activity;sid:83925241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.86.54"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062140/; classtype:trojan-activity;sid:83925240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.132.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062139/; classtype:trojan-activity;sid:83925239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.51.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062138/; classtype:trojan-activity;sid:83925238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.188.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062137/; classtype:trojan-activity;sid:83925237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.202.217.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062136/; classtype:trojan-activity;sid:83925236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.70.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062135/; classtype:trojan-activity;sid:83925235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.34.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062133/; classtype:trojan-activity;sid:83925233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.7.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062134/; classtype:trojan-activity;sid:83925234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062132/; classtype:trojan-activity;sid:83925232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.173.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062131/; classtype:trojan-activity;sid:83925231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.215.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062130/; classtype:trojan-activity;sid:83925230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062129/; classtype:trojan-activity;sid:83925229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.2.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062128/; classtype:trojan-activity;sid:83925228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.182.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062127/; classtype:trojan-activity;sid:83925227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.216.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062125/; classtype:trojan-activity;sid:83925225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.62.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062126/; classtype:trojan-activity;sid:83925226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.224.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062123/; classtype:trojan-activity;sid:83925223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.164.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062124/; classtype:trojan-activity;sid:83925224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062122/; classtype:trojan-activity;sid:83925222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.206.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062121/; classtype:trojan-activity;sid:83925221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062120/; classtype:trojan-activity;sid:83925220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.167.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062119/; classtype:trojan-activity;sid:83925219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.11.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062118/; classtype:trojan-activity;sid:83925218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.174.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062117/; classtype:trojan-activity;sid:83925217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.162.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062116/; classtype:trojan-activity;sid:83925216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062115/; classtype:trojan-activity;sid:83925215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.197.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062114/; classtype:trojan-activity;sid:83925214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.218.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062113/; classtype:trojan-activity;sid:83925213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.54.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062112/; classtype:trojan-activity;sid:83925212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.1.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062111/; classtype:trojan-activity;sid:83925211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.206.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062110/; classtype:trojan-activity;sid:83925210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.200.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062109/; classtype:trojan-activity;sid:83925209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062108/; classtype:trojan-activity;sid:83925208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062107/; classtype:trojan-activity;sid:83925207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.187.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062105/; classtype:trojan-activity;sid:83925205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062106/; classtype:trojan-activity;sid:83925206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062104/; classtype:trojan-activity;sid:83925204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.4.180.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062103/; classtype:trojan-activity;sid:83925203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062102/; classtype:trojan-activity;sid:83925202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062101/; classtype:trojan-activity;sid:83925201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.173.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062100/; classtype:trojan-activity;sid:83925200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.11.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062099/; classtype:trojan-activity;sid:83925199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.216.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062098/; classtype:trojan-activity;sid:83925198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.164.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062097/; classtype:trojan-activity;sid:83925197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.215.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062096/; classtype:trojan-activity;sid:83925196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.148.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062094/; classtype:trojan-activity;sid:83925194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062095/; classtype:trojan-activity;sid:83925195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.224.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062093/; classtype:trojan-activity;sid:83925193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.48.107.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062091/; classtype:trojan-activity;sid:83925191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.143.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062092/; classtype:trojan-activity;sid:83925192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.58.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062090/; classtype:trojan-activity;sid:83925190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.172.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062088/; classtype:trojan-activity;sid:83925188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.211.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062089/; classtype:trojan-activity;sid:83925189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.26.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062086/; classtype:trojan-activity;sid:83925186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.16.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062087/; classtype:trojan-activity;sid:83925187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.101.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062085/; classtype:trojan-activity;sid:83925185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.187.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062084/; classtype:trojan-activity;sid:83925184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.41.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062082/; classtype:trojan-activity;sid:83925182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.178.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062083/; classtype:trojan-activity;sid:83925183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.147.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062081/; classtype:trojan-activity;sid:83925181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.232.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062079/; classtype:trojan-activity;sid:83925179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.218.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062080/; classtype:trojan-activity;sid:83925180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.7.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062078/; classtype:trojan-activity;sid:83925178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.1.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062077/; classtype:trojan-activity;sid:83925177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.65.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062076/; classtype:trojan-activity;sid:83925176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.6.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062075/; classtype:trojan-activity;sid:83925175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062073/; classtype:trojan-activity;sid:83925173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.57.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062074/; classtype:trojan-activity;sid:83925174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.251.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062072/; classtype:trojan-activity;sid:83925172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.255.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062071/; classtype:trojan-activity;sid:83925171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062070/; classtype:trojan-activity;sid:83925170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.118.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062069/; classtype:trojan-activity;sid:83925169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062067/; classtype:trojan-activity;sid:83925167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062068)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678937519|3f|hash=7xnengqzcqtwvknr2tajdnric2zrp1ojmstv4ihxqdl|7c|26|7c|dl=emxd0ztvsmba0jzykwu1lqbzvypfwclpqqakoepk1nz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062068/; classtype:trojan-activity;sid:83925168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062066/; classtype:trojan-activity;sid:83925166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062065/; classtype:trojan-activity;sid:83925165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.222.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062064/; classtype:trojan-activity;sid:83925164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.111.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062062/; classtype:trojan-activity;sid:83925162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.131.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062063/; classtype:trojan-activity;sid:83925163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062060/; classtype:trojan-activity;sid:83925160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.140.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062061/; classtype:trojan-activity;sid:83925161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.71.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062059/; classtype:trojan-activity;sid:83925159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.40.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062058/; classtype:trojan-activity;sid:83925158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.188.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062055/; classtype:trojan-activity;sid:83925155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062056/; classtype:trojan-activity;sid:83925156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.213.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062057/; classtype:trojan-activity;sid:83925157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.16.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062054/; classtype:trojan-activity;sid:83925154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.128.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062053/; classtype:trojan-activity;sid:83925153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062052/; classtype:trojan-activity;sid:83925152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062051/; classtype:trojan-activity;sid:83925151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.182.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062049/; classtype:trojan-activity;sid:83925149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.254.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062050/; classtype:trojan-activity;sid:83925150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.86.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062048/; classtype:trojan-activity;sid:83925148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062047/; classtype:trojan-activity;sid:83925147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.53.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062046/; classtype:trojan-activity;sid:83925146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.232.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062045/; classtype:trojan-activity;sid:83925145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.35.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062044/; classtype:trojan-activity;sid:83925144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.26.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062043/; classtype:trojan-activity;sid:83925143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.38.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062042/; classtype:trojan-activity;sid:83925142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062041/; classtype:trojan-activity;sid:83925141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.100.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062040/; classtype:trojan-activity;sid:83925140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.85.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062039/; classtype:trojan-activity;sid:83925139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.60.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062038/; classtype:trojan-activity;sid:83925138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062037/; classtype:trojan-activity;sid:83925137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.187.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062036/; classtype:trojan-activity;sid:83925136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.187.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062035/; classtype:trojan-activity;sid:83925135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.81.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062034/; classtype:trojan-activity;sid:83925134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.255.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062033/; classtype:trojan-activity;sid:83925133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.43.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062032/; classtype:trojan-activity;sid:83925132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.152.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062031/; classtype:trojan-activity;sid:83925131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.73.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062030/; classtype:trojan-activity;sid:83925130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062029/; classtype:trojan-activity;sid:83925129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062028/; classtype:trojan-activity;sid:83925128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.94.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062027/; classtype:trojan-activity;sid:83925127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.251.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062026/; classtype:trojan-activity;sid:83925126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.128.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062025/; classtype:trojan-activity;sid:83925125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062024/; classtype:trojan-activity;sid:83925124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.118.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062023/; classtype:trojan-activity;sid:83925123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.239.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062022/; classtype:trojan-activity;sid:83925122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.144.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062021/; classtype:trojan-activity;sid:83925121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.115.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062020/; classtype:trojan-activity;sid:83925120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.150.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062019/; classtype:trojan-activity;sid:83925119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.188.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062018/; classtype:trojan-activity;sid:83925118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.1.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062017/; classtype:trojan-activity;sid:83925117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062016)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.190.230.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062016/; classtype:trojan-activity;sid:83925116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062014)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.190.230.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062014/; classtype:trojan-activity;sid:83925114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062015)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.190.230.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062015/; classtype:trojan-activity;sid:83925115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062013)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.190.230.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062013/; classtype:trojan-activity;sid:83925113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.86.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062012/; classtype:trojan-activity;sid:83925112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.169.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062011/; classtype:trojan-activity;sid:83925111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.47.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062010/; classtype:trojan-activity;sid:83925110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062008/; classtype:trojan-activity;sid:83925108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.38.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062009/; classtype:trojan-activity;sid:83925109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.132.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062006/; classtype:trojan-activity;sid:83925106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.4.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062007/; classtype:trojan-activity;sid:83925107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.152.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062005/; classtype:trojan-activity;sid:83925105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062004/; classtype:trojan-activity;sid:83925104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.35.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062003/; classtype:trojan-activity;sid:83925103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.141.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062001/; classtype:trojan-activity;sid:83925101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.9.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062002/; classtype:trojan-activity;sid:83925102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3062000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.195.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3062000/; classtype:trojan-activity;sid:83925100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061999/; classtype:trojan-activity;sid:83925099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.90.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061998/; classtype:trojan-activity;sid:83925098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061997/; classtype:trojan-activity;sid:83925097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061995/; classtype:trojan-activity;sid:83925095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061996/; classtype:trojan-activity;sid:83925096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.201.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061994/; classtype:trojan-activity;sid:83925094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.222.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061992/; classtype:trojan-activity;sid:83925092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061993/; classtype:trojan-activity;sid:83925093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.79.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061991/; classtype:trojan-activity;sid:83925091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.176.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061990/; classtype:trojan-activity;sid:83925090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061989/; classtype:trojan-activity;sid:83925089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.150.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061988/; classtype:trojan-activity;sid:83925088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.233.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061987/; classtype:trojan-activity;sid:83925087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.177.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061986/; classtype:trojan-activity;sid:83925086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.166.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061985/; classtype:trojan-activity;sid:83925085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061984/; classtype:trojan-activity;sid:83925084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061983/; classtype:trojan-activity;sid:83925083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.33.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061982/; classtype:trojan-activity;sid:83925082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.2.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061980/; classtype:trojan-activity;sid:83925080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.27.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061981/; classtype:trojan-activity;sid:83925081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061979/; classtype:trojan-activity;sid:83925079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061978/; classtype:trojan-activity;sid:83925078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.141.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061977/; classtype:trojan-activity;sid:83925077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061976/; classtype:trojan-activity;sid:83925076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.239.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061975/; classtype:trojan-activity;sid:83925075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.67.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3061974/; classtype:trojan-activity;sid:83925074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.212.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061973/; classtype:trojan-activity;sid:83925073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.190.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061972/; classtype:trojan-activity;sid:83925072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.180.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061971/; classtype:trojan-activity;sid:83925071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.246.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061969/; classtype:trojan-activity;sid:83925069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.160.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061970/; classtype:trojan-activity;sid:83925070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.52.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061968/; classtype:trojan-activity;sid:83925068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.152.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061967/; classtype:trojan-activity;sid:83925067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.115.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061966/; classtype:trojan-activity;sid:83925066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061964/; classtype:trojan-activity;sid:83925064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.236.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061965/; classtype:trojan-activity;sid:83925065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.143.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061963/; classtype:trojan-activity;sid:83925063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.4.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061962/; classtype:trojan-activity;sid:83925062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061961/; classtype:trojan-activity;sid:83925061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061960/; classtype:trojan-activity;sid:83925060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061959/; classtype:trojan-activity;sid:83925059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061958/; classtype:trojan-activity;sid:83925058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061957/; classtype:trojan-activity;sid:83925057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061956/; classtype:trojan-activity;sid:83925056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061955/; classtype:trojan-activity;sid:83925055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.171.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061953/; classtype:trojan-activity;sid:83925053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.14.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061954/; classtype:trojan-activity;sid:83925054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.132.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061952/; classtype:trojan-activity;sid:83925052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.67.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061951/; classtype:trojan-activity;sid:83925051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.175.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061950/; classtype:trojan-activity;sid:83925050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061949/; classtype:trojan-activity;sid:83925049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.175.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061948/; classtype:trojan-activity;sid:83925048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061946/; classtype:trojan-activity;sid:83925046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.30.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061947/; classtype:trojan-activity;sid:83925047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.90.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061944/; classtype:trojan-activity;sid:83925044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.139.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061945/; classtype:trojan-activity;sid:83925045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061943/; classtype:trojan-activity;sid:83925043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061942/; classtype:trojan-activity;sid:83925042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.44.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061941/; classtype:trojan-activity;sid:83925041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.246.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061940/; classtype:trojan-activity;sid:83925040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.98.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061938/; classtype:trojan-activity;sid:83925038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.223.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061939/; classtype:trojan-activity;sid:83925039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061937/; classtype:trojan-activity;sid:83925037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.68.93.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061936/; classtype:trojan-activity;sid:83925036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.14.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061935/; classtype:trojan-activity;sid:83925035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.229.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061934/; classtype:trojan-activity;sid:83925034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061933/; classtype:trojan-activity;sid:83925033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.198.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061931/; classtype:trojan-activity;sid:83925031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.76.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061932/; classtype:trojan-activity;sid:83925032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.171.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061930/; classtype:trojan-activity;sid:83925030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.42.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061929/; classtype:trojan-activity;sid:83925029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.140.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061928/; classtype:trojan-activity;sid:83925028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.213.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061927/; classtype:trojan-activity;sid:83925027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.29.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061926/; classtype:trojan-activity;sid:83925026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.86.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061925/; classtype:trojan-activity;sid:83925025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.142.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061924/; classtype:trojan-activity;sid:83925024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.109.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061923/; classtype:trojan-activity;sid:83925023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.44.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061922/; classtype:trojan-activity;sid:83925022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.223.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061921/; classtype:trojan-activity;sid:83925021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061920/; classtype:trojan-activity;sid:83925020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.255.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061919/; classtype:trojan-activity;sid:83925019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061918/; classtype:trojan-activity;sid:83925018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.198.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061917/; classtype:trojan-activity;sid:83925017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.171.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061916/; classtype:trojan-activity;sid:83925016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.177.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061913/; classtype:trojan-activity;sid:83925013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.229.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061914/; classtype:trojan-activity;sid:83925014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061915/; classtype:trojan-activity;sid:83925015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.41.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061911/; classtype:trojan-activity;sid:83925011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061912/; classtype:trojan-activity;sid:83925012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.76.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061910/; classtype:trojan-activity;sid:83925010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.162.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061909/; classtype:trojan-activity;sid:83925009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.140.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061908/; classtype:trojan-activity;sid:83925008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.10.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061907/; classtype:trojan-activity;sid:83925007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061905/; classtype:trojan-activity;sid:83925005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.180.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061906/; classtype:trojan-activity;sid:83925006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.31.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061904/; classtype:trojan-activity;sid:83925004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.96.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061903/; classtype:trojan-activity;sid:83925003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.154.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061902/; classtype:trojan-activity;sid:83925002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.221.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061901/; classtype:trojan-activity;sid:83925001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061900/; classtype:trojan-activity;sid:83925000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.255.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061899/; classtype:trojan-activity;sid:83924999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.68.93.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061898/; classtype:trojan-activity;sid:83924998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.143.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061897/; classtype:trojan-activity;sid:83924997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.73.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061895/; classtype:trojan-activity;sid:83924995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.59.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061896/; classtype:trojan-activity;sid:83924996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061894/; classtype:trojan-activity;sid:83924994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.169.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061893/; classtype:trojan-activity;sid:83924993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.207.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061892/; classtype:trojan-activity;sid:83924992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061891/; classtype:trojan-activity;sid:83924991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.227.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061890/; classtype:trojan-activity;sid:83924990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.54.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061889/; classtype:trojan-activity;sid:83924989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061888/; classtype:trojan-activity;sid:83924988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.180.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061887/; classtype:trojan-activity;sid:83924987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.128.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061886/; classtype:trojan-activity;sid:83924986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.167.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061885/; classtype:trojan-activity;sid:83924985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061884/; classtype:trojan-activity;sid:83924984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.81.220.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061883/; classtype:trojan-activity;sid:83924983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061882/; classtype:trojan-activity;sid:83924982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.111.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061881/; classtype:trojan-activity;sid:83924981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.154.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061880/; classtype:trojan-activity;sid:83924980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.120.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061879/; classtype:trojan-activity;sid:83924979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.221.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061877/; classtype:trojan-activity;sid:83924977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061878/; classtype:trojan-activity;sid:83924978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.243.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061875/; classtype:trojan-activity;sid:83924975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061876/; classtype:trojan-activity;sid:83924976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061873/; classtype:trojan-activity;sid:83924973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.194.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061874/; classtype:trojan-activity;sid:83924974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.169.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061871/; classtype:trojan-activity;sid:83924971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.73.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061872/; classtype:trojan-activity;sid:83924972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.231.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061870/; classtype:trojan-activity;sid:83924970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.167.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061867/; classtype:trojan-activity;sid:83924967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061868/; classtype:trojan-activity;sid:83924968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.94.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061869/; classtype:trojan-activity;sid:83924969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061866/; classtype:trojan-activity;sid:83924966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061864)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061864/; classtype:trojan-activity;sid:83924964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061865)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061865/; classtype:trojan-activity;sid:83924965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061863)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.251.172.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061863/; classtype:trojan-activity;sid:83924963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061862)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061862/; classtype:trojan-activity;sid:83924962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061860)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061860/; classtype:trojan-activity;sid:83924960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061861)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061861/; classtype:trojan-activity;sid:83924961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061859)"; flow:established,from_client; content:"GET"; http_method; content:"/zzzz"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.128.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061859/; classtype:trojan-activity;sid:83924959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061858)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.94.207.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061858/; classtype:trojan-activity;sid:83924958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061855)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061855/; classtype:trojan-activity;sid:83924955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061856)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/botirc.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061856/; classtype:trojan-activity;sid:83924956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061857)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061857/; classtype:trojan-activity;sid:83924957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061852)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061852/; classtype:trojan-activity;sid:83924952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061853)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"147.78.103.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061853/; classtype:trojan-activity;sid:83924953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061854)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.78.103.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061854/; classtype:trojan-activity;sid:83924954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061848)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.156.25.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061848/; classtype:trojan-activity;sid:83924948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061849)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061849/; classtype:trojan-activity;sid:83924949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061850)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061850/; classtype:trojan-activity;sid:83924950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061851)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.255.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061851/; classtype:trojan-activity;sid:83924951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061846)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061846/; classtype:trojan-activity;sid:83924946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061847)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.156.25.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061847/; classtype:trojan-activity;sid:83924947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/3e8vaf9sg5zrsetm4hmkxy5loopte7qc8z"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061844/; classtype:trojan-activity;sid:83924944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gx8nomowb5mxk40tro07m4rdk1uv7ssurm"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061845/; classtype:trojan-activity;sid:83924945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/botirc.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061841/; classtype:trojan-activity;sid:83924941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061842)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.133.46.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061842/; classtype:trojan-activity;sid:83924942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061843)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.255.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061843/; classtype:trojan-activity;sid:83924943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/botirc.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061837/; classtype:trojan-activity;sid:83924937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061838)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061838/; classtype:trojan-activity;sid:83924938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061839)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"159.100.14.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061839/; classtype:trojan-activity;sid:83924939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061840)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061840/; classtype:trojan-activity;sid:83924940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061834)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"23.225.71.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061834/; classtype:trojan-activity;sid:83924934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061835)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061835/; classtype:trojan-activity;sid:83924935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061836)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061836/; classtype:trojan-activity;sid:83924936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061829)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061829/; classtype:trojan-activity;sid:83924929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061830)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061830/; classtype:trojan-activity;sid:83924930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061831)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061831/; classtype:trojan-activity;sid:83924931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061832)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"147.78.103.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061832/; classtype:trojan-activity;sid:83924932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061833)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061833/; classtype:trojan-activity;sid:83924933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061824)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"93.123.85.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061824/; classtype:trojan-activity;sid:83924924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061825)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.238.253.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061825/; classtype:trojan-activity;sid:83924925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061826)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.156.25.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061826/; classtype:trojan-activity;sid:83924926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061827)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061827/; classtype:trojan-activity;sid:83924927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061828)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061828/; classtype:trojan-activity;sid:83924928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061818)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061818/; classtype:trojan-activity;sid:83924918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061819)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061819/; classtype:trojan-activity;sid:83924919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dnh2bi8fjhap0vfw4in6qjmkpaaxau9map"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061820/; classtype:trojan-activity;sid:83924920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061821)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"79.133.46.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061821/; classtype:trojan-activity;sid:83924921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061822)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061822/; classtype:trojan-activity;sid:83924922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mawpjfv7myl4u1jsdxdnwimoskfjx1dcgl"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061823/; classtype:trojan-activity;sid:83924923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061813/; classtype:trojan-activity;sid:83924913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061814)"; flow:established,from_client; content:"GET"; http_method; content:"/perspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061814/; classtype:trojan-activity;sid:83924914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061815)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5n"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.225.71.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061815/; classtype:trojan-activity;sid:83924915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061816)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061816/; classtype:trojan-activity;sid:83924916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061817)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061817/; classtype:trojan-activity;sid:83924917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/botirc.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061806/; classtype:trojan-activity;sid:83924906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061807)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061807/; classtype:trojan-activity;sid:83924907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061808)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061808/; classtype:trojan-activity;sid:83924908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061809)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061809/; classtype:trojan-activity;sid:83924909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061810)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061810/; classtype:trojan-activity;sid:83924910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061811)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061811/; classtype:trojan-activity;sid:83924911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061812)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061812/; classtype:trojan-activity;sid:83924912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061800)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061800/; classtype:trojan-activity;sid:83924900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061801)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061801/; classtype:trojan-activity;sid:83924901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061802)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061802/; classtype:trojan-activity;sid:83924902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061803)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061803/; classtype:trojan-activity;sid:83924903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061804)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.255.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061804/; classtype:trojan-activity;sid:83924904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061805)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.255.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061805/; classtype:trojan-activity;sid:83924905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tvwxkf50rnjkmxosr64lssi76kjsifiw1r"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061791/; classtype:trojan-activity;sid:83924891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061792)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061792/; classtype:trojan-activity;sid:83924892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061793)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061793/; classtype:trojan-activity;sid:83924893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061794)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061794/; classtype:trojan-activity;sid:83924894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061795)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061795/; classtype:trojan-activity;sid:83924895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061796)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"159.100.14.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061796/; classtype:trojan-activity;sid:83924896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061797)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.126.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061797/; classtype:trojan-activity;sid:83924897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061798)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061798/; classtype:trojan-activity;sid:83924898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/5td5z8qx5xrykwqenlw8wtxte0yr6btknw"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061799/; classtype:trojan-activity;sid:83924899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061790)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061790/; classtype:trojan-activity;sid:83924890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/botirc.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061787/; classtype:trojan-activity;sid:83924887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061788)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061788/; classtype:trojan-activity;sid:83924888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psjdgisbex0ctleonmlhbxdazaa2in0s3n"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061789/; classtype:trojan-activity;sid:83924889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061785)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061785/; classtype:trojan-activity;sid:83924885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061786)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061786/; classtype:trojan-activity;sid:83924886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061782)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061782/; classtype:trojan-activity;sid:83924882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061783)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061783/; classtype:trojan-activity;sid:83924883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061784)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061784/; classtype:trojan-activity;sid:83924884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061778)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061778/; classtype:trojan-activity;sid:83924878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061779)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061779/; classtype:trojan-activity;sid:83924879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061780)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061780/; classtype:trojan-activity;sid:83924880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061781)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061781/; classtype:trojan-activity;sid:83924881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061773)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061773/; classtype:trojan-activity;sid:83924873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061774)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061774/; classtype:trojan-activity;sid:83924874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061775)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061775/; classtype:trojan-activity;sid:83924875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061776)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061776/; classtype:trojan-activity;sid:83924876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061777)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.225.71.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061777/; classtype:trojan-activity;sid:83924877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061769)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061769/; classtype:trojan-activity;sid:83924869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061770)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061770/; classtype:trojan-activity;sid:83924870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061771)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061771/; classtype:trojan-activity;sid:83924871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/botirc.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061772/; classtype:trojan-activity;sid:83924872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061765)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061765/; classtype:trojan-activity;sid:83924865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061766)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061766/; classtype:trojan-activity;sid:83924866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061767)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061767/; classtype:trojan-activity;sid:83924867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061768)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061768/; classtype:trojan-activity;sid:83924868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061758)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.153.139.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061758/; classtype:trojan-activity;sid:83924858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061759)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061759/; classtype:trojan-activity;sid:83924859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061760)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061760/; classtype:trojan-activity;sid:83924860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061761)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061761/; classtype:trojan-activity;sid:83924861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/botirc.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061762/; classtype:trojan-activity;sid:83924862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061763)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061763/; classtype:trojan-activity;sid:83924863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061764)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061764/; classtype:trojan-activity;sid:83924864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061754)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061754/; classtype:trojan-activity;sid:83924854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061755)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061755/; classtype:trojan-activity;sid:83924855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/80qtyi7ejsb57trgjharccpudx3ht0rtml"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061756/; classtype:trojan-activity;sid:83924856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/9cwn0rhwzq0ba6we20r3f2ybcxso4fjeb2"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061757/; classtype:trojan-activity;sid:83924857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jpkb7zvk1uzrjilwoxemevodsdfh9gdaro"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061750/; classtype:trojan-activity;sid:83924850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061751)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061751/; classtype:trojan-activity;sid:83924851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/8419a7tps31rwoyqyr9a9irqm4sqfpwsbg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061752/; classtype:trojan-activity;sid:83924852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061753)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061753/; classtype:trojan-activity;sid:83924853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061744)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061744/; classtype:trojan-activity;sid:83924844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061745)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061745/; classtype:trojan-activity;sid:83924845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061746)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061746/; classtype:trojan-activity;sid:83924846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061747/; classtype:trojan-activity;sid:83924847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061748)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061748/; classtype:trojan-activity;sid:83924848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061749)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061749/; classtype:trojan-activity;sid:83924849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061737/; classtype:trojan-activity;sid:83924837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061738)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.156.25.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061738/; classtype:trojan-activity;sid:83924838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061739)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061739/; classtype:trojan-activity;sid:83924839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061740)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061740/; classtype:trojan-activity;sid:83924840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061741)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061741/; classtype:trojan-activity;sid:83924841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061742)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061742/; classtype:trojan-activity;sid:83924842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061743)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.arm5n"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.225.71.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061743/; classtype:trojan-activity;sid:83924843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061732)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.85.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061732/; classtype:trojan-activity;sid:83924832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061733)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061733/; classtype:trojan-activity;sid:83924833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061734)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061734/; classtype:trojan-activity;sid:83924834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xm9mmevoubcn09fwzsayhpa3qgzfirrcrb"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061735/; classtype:trojan-activity;sid:83924835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061736)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061736/; classtype:trojan-activity;sid:83924836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061728)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061728/; classtype:trojan-activity;sid:83924828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/botirc.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061729/; classtype:trojan-activity;sid:83924829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061730)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"159.100.14.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061730/; classtype:trojan-activity;sid:83924830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061731)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061731/; classtype:trojan-activity;sid:83924831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061723)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061723/; classtype:trojan-activity;sid:83924823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061724)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061724/; classtype:trojan-activity;sid:83924824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061725)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061725/; classtype:trojan-activity;sid:83924825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061726)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.225.71.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061726/; classtype:trojan-activity;sid:83924826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061727)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.221.95.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061727/; classtype:trojan-activity;sid:83924827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061720)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061720/; classtype:trojan-activity;sid:83924820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061721)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061721/; classtype:trojan-activity;sid:83924821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061722)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rsrhkljkitnbdvo00dhjikkmfnfvjs7ft2"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061722/; classtype:trojan-activity;sid:83924822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061716)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.153.139.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061716/; classtype:trojan-activity;sid:83924816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061717)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061717/; classtype:trojan-activity;sid:83924817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061718)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.225.71.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061718/; classtype:trojan-activity;sid:83924818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.182.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061719/; classtype:trojan-activity;sid:83924819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061709)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061709/; classtype:trojan-activity;sid:83924809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061710)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061710/; classtype:trojan-activity;sid:83924810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061711)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.133.46.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061711/; classtype:trojan-activity;sid:83924811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061712)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061712/; classtype:trojan-activity;sid:83924812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061713)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061713/; classtype:trojan-activity;sid:83924813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061714)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx_a7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.93.201.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061714/; classtype:trojan-activity;sid:83924814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061715)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061715/; classtype:trojan-activity;sid:83924815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061701)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.214.27.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061701/; classtype:trojan-activity;sid:83924801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/5x75qtoxlogrynpkgm36kuttnoa8ljiwxo"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061702/; classtype:trojan-activity;sid:83924802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061703)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061703/; classtype:trojan-activity;sid:83924803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061704)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061704/; classtype:trojan-activity;sid:83924804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061705/; classtype:trojan-activity;sid:83924805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061706)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061706/; classtype:trojan-activity;sid:83924806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061707)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061707/; classtype:trojan-activity;sid:83924807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061708/; classtype:trojan-activity;sid:83924808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061700)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061700/; classtype:trojan-activity;sid:83924800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061699)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061699/; classtype:trojan-activity;sid:83924799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061696)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061696/; classtype:trojan-activity;sid:83924796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061697)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061697/; classtype:trojan-activity;sid:83924797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061698)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061698/; classtype:trojan-activity;sid:83924798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061693)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061693/; classtype:trojan-activity;sid:83924793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061694/; classtype:trojan-activity;sid:83924794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061695)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061695/; classtype:trojan-activity;sid:83924795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061691)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061691/; classtype:trojan-activity;sid:83924791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061692/; classtype:trojan-activity;sid:83924792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061687)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061687/; classtype:trojan-activity;sid:83924787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061688/; classtype:trojan-activity;sid:83924788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061689)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061689/; classtype:trojan-activity;sid:83924789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061690)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061690/; classtype:trojan-activity;sid:83924790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061680)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061680/; classtype:trojan-activity;sid:83924780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061681)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.141.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061681/; classtype:trojan-activity;sid:83924781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/botirc.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061682/; classtype:trojan-activity;sid:83924782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061683)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061683/; classtype:trojan-activity;sid:83924783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061684)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.9.249.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061684/; classtype:trojan-activity;sid:83924784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061685)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061685/; classtype:trojan-activity;sid:83924785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061686)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061686/; classtype:trojan-activity;sid:83924786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061673)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061673/; classtype:trojan-activity;sid:83924773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061674)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061674/; classtype:trojan-activity;sid:83924774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.132.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061675/; classtype:trojan-activity;sid:83924775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061676/; classtype:trojan-activity;sid:83924776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061677/; classtype:trojan-activity;sid:83924777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"93.157.106.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061678/; classtype:trojan-activity;sid:83924778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061679)"; flow:established,from_client; content:"GET"; http_method; content:"/keren.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.241.67.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061679/; classtype:trojan-activity;sid:83924779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061670)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061670/; classtype:trojan-activity;sid:83924770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061671)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061671/; classtype:trojan-activity;sid:83924771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.78.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061672/; classtype:trojan-activity;sid:83924772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061664)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061664/; classtype:trojan-activity;sid:83924764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061665)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061665/; classtype:trojan-activity;sid:83924765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061666)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061666/; classtype:trojan-activity;sid:83924766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061667)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061667/; classtype:trojan-activity;sid:83924767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061668)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061668/; classtype:trojan-activity;sid:83924768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061669)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx_a5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.93.201.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061669/; classtype:trojan-activity;sid:83924769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061651)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061651/; classtype:trojan-activity;sid:83924751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061652)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061652/; classtype:trojan-activity;sid:83924752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061653)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061653/; classtype:trojan-activity;sid:83924753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061654)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061654/; classtype:trojan-activity;sid:83924754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061655)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061655/; classtype:trojan-activity;sid:83924755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061656)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061656/; classtype:trojan-activity;sid:83924756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061657)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061657/; classtype:trojan-activity;sid:83924757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061658)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061658/; classtype:trojan-activity;sid:83924758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061659)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061659/; classtype:trojan-activity;sid:83924759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061660)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061660/; classtype:trojan-activity;sid:83924760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061661)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061661/; classtype:trojan-activity;sid:83924761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061662)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061662/; classtype:trojan-activity;sid:83924762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061663)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.105.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061663/; classtype:trojan-activity;sid:83924763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061649)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx_a64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.93.201.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061649/; classtype:trojan-activity;sid:83924749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061650)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"204.93.201.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061650/; classtype:trojan-activity;sid:83924750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.101.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061648/; classtype:trojan-activity;sid:83924748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061645/; classtype:trojan-activity;sid:83924745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.86.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061644/; classtype:trojan-activity;sid:83924744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.129.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061643/; classtype:trojan-activity;sid:83924743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.120.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061642/; classtype:trojan-activity;sid:83924742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.157.50.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061641/; classtype:trojan-activity;sid:83924741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061640/; classtype:trojan-activity;sid:83924740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.176.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061638/; classtype:trojan-activity;sid:83924738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.231.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061639/; classtype:trojan-activity;sid:83924739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.175.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061636/; classtype:trojan-activity;sid:83924736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.101.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061637/; classtype:trojan-activity;sid:83924737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.18.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061635/; classtype:trojan-activity;sid:83924735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061634/; classtype:trojan-activity;sid:83924734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061633/; classtype:trojan-activity;sid:83924733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.173.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061632/; classtype:trojan-activity;sid:83924732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.164.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061631/; classtype:trojan-activity;sid:83924731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061630/; classtype:trojan-activity;sid:83924730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.137.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061629/; classtype:trojan-activity;sid:83924729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.176.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061628/; classtype:trojan-activity;sid:83924728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.181.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061627/; classtype:trojan-activity;sid:83924727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.43.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061625/; classtype:trojan-activity;sid:83924725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.70.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061626/; classtype:trojan-activity;sid:83924726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.185.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061624/; classtype:trojan-activity;sid:83924724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061623/; classtype:trojan-activity;sid:83924723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061622/; classtype:trojan-activity;sid:83924722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.140.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061621/; classtype:trojan-activity;sid:83924721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061620/; classtype:trojan-activity;sid:83924720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.77"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061619/; classtype:trojan-activity;sid:83924719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.142.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061618/; classtype:trojan-activity;sid:83924718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.86.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061617/; classtype:trojan-activity;sid:83924717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061616/; classtype:trojan-activity;sid:83924716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.70.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061615/; classtype:trojan-activity;sid:83924715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.209.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061614/; classtype:trojan-activity;sid:83924714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.229.174.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061613/; classtype:trojan-activity;sid:83924713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061612/; classtype:trojan-activity;sid:83924712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.173.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061611/; classtype:trojan-activity;sid:83924711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.80.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061610/; classtype:trojan-activity;sid:83924710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061609/; classtype:trojan-activity;sid:83924709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061608/; classtype:trojan-activity;sid:83924708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061607/; classtype:trojan-activity;sid:83924707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.138.12.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061605/; classtype:trojan-activity;sid:83924705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.245.243.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061606/; classtype:trojan-activity;sid:83924706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.165.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061604/; classtype:trojan-activity;sid:83924704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061599/; classtype:trojan-activity;sid:83924699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.98.9.101"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061600/; classtype:trojan-activity;sid:83924700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.218.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061601/; classtype:trojan-activity;sid:83924701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061602/; classtype:trojan-activity;sid:83924702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.205.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061603/; classtype:trojan-activity;sid:83924703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.92.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061594/; classtype:trojan-activity;sid:83924694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.32.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061595/; classtype:trojan-activity;sid:83924695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061596/; classtype:trojan-activity;sid:83924696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061597/; classtype:trojan-activity;sid:83924697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061598/; classtype:trojan-activity;sid:83924698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.144.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061592/; classtype:trojan-activity;sid:83924692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.6.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061593/; classtype:trojan-activity;sid:83924693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.140.106.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061591/; classtype:trojan-activity;sid:83924691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.244.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061589/; classtype:trojan-activity;sid:83924689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.110.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061590/; classtype:trojan-activity;sid:83924690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.18.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061588/; classtype:trojan-activity;sid:83924688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.109.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061587/; classtype:trojan-activity;sid:83924687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061586/; classtype:trojan-activity;sid:83924686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.61.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061585/; classtype:trojan-activity;sid:83924685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.121.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061584/; classtype:trojan-activity;sid:83924684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.161.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061583/; classtype:trojan-activity;sid:83924683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.145.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061582/; classtype:trojan-activity;sid:83924682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061581/; classtype:trojan-activity;sid:83924681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.221.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061580/; classtype:trojan-activity;sid:83924680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.197.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061579/; classtype:trojan-activity;sid:83924679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.83.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061578/; classtype:trojan-activity;sid:83924678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.171.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061577/; classtype:trojan-activity;sid:83924677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.221.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061576/; classtype:trojan-activity;sid:83924676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.183.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061575/; classtype:trojan-activity;sid:83924675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061573/; classtype:trojan-activity;sid:83924673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.77"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061574/; classtype:trojan-activity;sid:83924674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.142.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061572/; classtype:trojan-activity;sid:83924672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061570/; classtype:trojan-activity;sid:83924670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061571/; classtype:trojan-activity;sid:83924671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.95.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061569/; classtype:trojan-activity;sid:83924669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061568/; classtype:trojan-activity;sid:83924668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061566/; classtype:trojan-activity;sid:83924666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.95.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061567/; classtype:trojan-activity;sid:83924667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.129.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061565/; classtype:trojan-activity;sid:83924665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.29.225"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061564/; classtype:trojan-activity;sid:83924664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061563/; classtype:trojan-activity;sid:83924663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.109.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061562/; classtype:trojan-activity;sid:83924662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.104.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061561/; classtype:trojan-activity;sid:83924661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061560/; classtype:trojan-activity;sid:83924660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.221.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061559/; classtype:trojan-activity;sid:83924659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.255.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061558/; classtype:trojan-activity;sid:83924658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.208.3.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061557/; classtype:trojan-activity;sid:83924657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.197.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061556/; classtype:trojan-activity;sid:83924656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.171.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061555/; classtype:trojan-activity;sid:83924655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.31.249"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061554/; classtype:trojan-activity;sid:83924654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.121.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061552/; classtype:trojan-activity;sid:83924652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061553/; classtype:trojan-activity;sid:83924653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061551/; classtype:trojan-activity;sid:83924651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061550/; classtype:trojan-activity;sid:83924650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.163.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061548/; classtype:trojan-activity;sid:83924648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061549/; classtype:trojan-activity;sid:83924649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.206.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061547/; classtype:trojan-activity;sid:83924647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.250.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061546/; classtype:trojan-activity;sid:83924646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061545)"; flow:established,from_client; content:"GET"; http_method; content:"/a/jfhqw229.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"home4u.mk"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061545/; classtype:trojan-activity;sid:83924645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061542)"; flow:established,from_client; content:"GET"; http_method; content:"/ykkorzuqfq100.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"146.70.24.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061542/; classtype:trojan-activity;sid:83924642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061543)"; flow:established,from_client; content:"GET"; http_method; content:"/opgdwanixmub247.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"66.150.198.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061543/; classtype:trojan-activity;sid:83924643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061544)"; flow:established,from_client; content:"GET"; http_method; content:"/xzuzuecxe67.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"66.150.198.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061544/; classtype:trojan-activity;sid:83924644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061541)"; flow:established,from_client; content:"GET"; http_method; content:"/skszhhokrynycvd159.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"146.70.24.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061541/; classtype:trojan-activity;sid:83924641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.61.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061540/; classtype:trojan-activity;sid:83924640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.237.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061539/; classtype:trojan-activity;sid:83924639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.16.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061538/; classtype:trojan-activity;sid:83924638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061537/; classtype:trojan-activity;sid:83924637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.191.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061535/; classtype:trojan-activity;sid:83924635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061536/; classtype:trojan-activity;sid:83924636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061534/; classtype:trojan-activity;sid:83924634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.248.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061533/; classtype:trojan-activity;sid:83924633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061532/; classtype:trojan-activity;sid:83924632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061531/; classtype:trojan-activity;sid:83924631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.208.3.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061530/; classtype:trojan-activity;sid:83924630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.218.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061529/; classtype:trojan-activity;sid:83924629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.163.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061527/; classtype:trojan-activity;sid:83924627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.50.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061528/; classtype:trojan-activity;sid:83924628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.229.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061526/; classtype:trojan-activity;sid:83924626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061525/; classtype:trojan-activity;sid:83924625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.221.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061524/; classtype:trojan-activity;sid:83924624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.40.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061522/; classtype:trojan-activity;sid:83924622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.34.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061523/; classtype:trojan-activity;sid:83924623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.101.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061521/; classtype:trojan-activity;sid:83924621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.233.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061519/; classtype:trojan-activity;sid:83924619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061520)"; flow:established,from_client; content:"GET"; http_method; content:"/shindevarm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.3.1.113"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061520/; classtype:trojan-activity;sid:83924620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061517)"; flow:established,from_client; content:"GET"; http_method; content:"/payload2.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"172.104.160.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061517/; classtype:trojan-activity;sid:83924617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.14.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061518/; classtype:trojan-activity;sid:83924618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061516)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.107.166.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061516/; classtype:trojan-activity;sid:83924616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061514/; classtype:trojan-activity;sid:83924614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061515/; classtype:trojan-activity;sid:83924615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061513)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1j7ltdpl8xs6-3tgdctojda2tytpkixk8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061513/; classtype:trojan-activity;sid:83924613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061512)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1y7uppv_adkponakwwz3xh8fh2au_zd1q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061512/; classtype:trojan-activity;sid:83924612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061509)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ym8akclpz20qhuwav7_en4qcpezs20i2"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061509/; classtype:trojan-activity;sid:83924609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061510)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dg0exynyytilmwvdp3v1denuhlxqrosz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061510/; classtype:trojan-activity;sid:83924610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061511)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1iesqruzogl-axgunc2woeuhkvlrnydcd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061511/; classtype:trojan-activity;sid:83924611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.78.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061507/; classtype:trojan-activity;sid:83924607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061508)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15zgeesmda5wyugsfzvjg2gwkc_fgqotw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061508/; classtype:trojan-activity;sid:83924608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.236.58.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061506/; classtype:trojan-activity;sid:83924606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061505/; classtype:trojan-activity;sid:83924605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061500)"; flow:established,from_client; content:"GET"; http_method; content:"/54t45t564.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"162.250.98.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061500/; classtype:trojan-activity;sid:83924600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061501)"; flow:established,from_client; content:"GET"; http_method; content:"/gy856678.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.250.98.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061501/; classtype:trojan-activity;sid:83924601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061502)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"147.78.103.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061502/; classtype:trojan-activity;sid:83924602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061503)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061503/; classtype:trojan-activity;sid:83924603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.241.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061504/; classtype:trojan-activity;sid:83924604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061498)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qidcf15np2o5fr3shk6ulklfjvgjcg47"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061498/; classtype:trojan-activity;sid:83924598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061499)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061499/; classtype:trojan-activity;sid:83924599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061497)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.61.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061497/; classtype:trojan-activity;sid:83924597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061496/; classtype:trojan-activity;sid:83924596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.111.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061495/; classtype:trojan-activity;sid:83924595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.180.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061494/; classtype:trojan-activity;sid:83924594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.22.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061493/; classtype:trojan-activity;sid:83924593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061492/; classtype:trojan-activity;sid:83924592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.210.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061490/; classtype:trojan-activity;sid:83924590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061491/; classtype:trojan-activity;sid:83924591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061488/; classtype:trojan-activity;sid:83924588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061489/; classtype:trojan-activity;sid:83924589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.166.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061487/; classtype:trojan-activity;sid:83924587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061486/; classtype:trojan-activity;sid:83924586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.98.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061485/; classtype:trojan-activity;sid:83924585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.248.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061484/; classtype:trojan-activity;sid:83924584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.60.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061483/; classtype:trojan-activity;sid:83924583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.50.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061482/; classtype:trojan-activity;sid:83924582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.81.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061480/; classtype:trojan-activity;sid:83924580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.245.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061481/; classtype:trojan-activity;sid:83924581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.221.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061479/; classtype:trojan-activity;sid:83924579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.139.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061478/; classtype:trojan-activity;sid:83924578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061477/; classtype:trojan-activity;sid:83924577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.107.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061476/; classtype:trojan-activity;sid:83924576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.87.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061475/; classtype:trojan-activity;sid:83924575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061474/; classtype:trojan-activity;sid:83924574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.233.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061473/; classtype:trojan-activity;sid:83924573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.51.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061472/; classtype:trojan-activity;sid:83924572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.241.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061471/; classtype:trojan-activity;sid:83924571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061470/; classtype:trojan-activity;sid:83924570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.189.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061469/; classtype:trojan-activity;sid:83924569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.116.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061468/; classtype:trojan-activity;sid:83924568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.40.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061467/; classtype:trojan-activity;sid:83924567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.129.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061466/; classtype:trojan-activity;sid:83924566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.111.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061465/; classtype:trojan-activity;sid:83924565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061464/; classtype:trojan-activity;sid:83924564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061463/; classtype:trojan-activity;sid:83924563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061462)"; flow:established,from_client; content:"GET"; http_method; content:"/231ee868-d324-4cda-a591-0bf66d47a445/downloads/c596fa89-c231-4322-a4ad-cb69cbb39c62/updatessss.exe|3f|response-content-disposition=attachment%3b%20filename%3d%22updatessss.exe%22|7c|26|7c|awsaccesskeyid=asia6kose3bnktxv6gnp|7c|26|7c|signature=ryp5twf5jnnmp9gqdjihivarc08%3d|7c|26|7c|x-amz-security-token=iqojb3jpz2lux2vjekp%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweacxvzlwvhc3qtmsjhmeucia4ctumymfotfdojqkyl%2ft%2b6mulwt9ydp3obq1ifdgxhaieat1%2fkrfl9fdzhom3mpjajinjvpwocncspig%2fzggrflloqpwiifbaaggw5odq1mjuxmdexndyidj5e9vijhtxnb9zkhyqeagzm%2fvkwpzbwx0i1avwuyqtmkly5ot%2btmzovnhkmvmyld2l2y6yeje57ebnkwyubwfw7zrapgimrmvjehsfl%2fa9vkwiow8bkrpodqtvj4tcyphpbi8zj%2fbgsqfoorvcjg3emzrlmzudmbq4h93w%2bjoi40gsoon%2bute%2bwsugh42n3gwv%2fpmyb7yu77qdxbr85zt%2fex5%2bvmmx9ywif6ndr6nua1pct2bkzs4r5wmoxllbivzilkbv6sholkbn2wymm7vhavmbg8l7sbuj8ylsvrdb6qu9tszjdgw8l0pdlkpml6qh4bmtljssth3ypojtfbp7rcxas9c6wrq6gujv6jpfgqvjdmoxo%2brqgop0b8ubtr6wisnvtp00fw%2ffcdjwwiewjeu0qqd6q4yavi02znhhhw7alsx%2fdox9lko96xur8i6qi7v0ltepb2oir2bjueqoi1ofvl46uvamiamcgdalie%2bzb6wcmkbf1ioebohqlnvh%2fph9wcwdwqvpcln194dpvjdw%2fukpne4sy3nvnzezczuyd0lhbq%2fgg9n7f08rymsiuv6klrgdtjw%3d%3d|7c|26|7c|expires=1721675373"; http_uri; depth:1163; isdataat:!1,relative; nocase; content:"bbuseruploads.s3.amazonaws.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061462/; classtype:trojan-activity;sid:83924562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061461)"; flow:established,from_client; content:"GET"; http_method; content:"/231ee868-d324-4cda-a591-0bf66d47a445/downloads/05ff3a35-bed8-4825-bc6a-38d6459af864/updatemmmm.exe|3f|response-content-disposition=attachment%3b%20filename%3d%22updatemmmm.exe%22|7c|26|7c|awsaccesskeyid=asia6kose3bni36od54l|7c|26|7c|signature=ixxwgxil7l3%2fhn2wjhxvxr8paxu%3d|7c|26|7c|x-amz-security-token=iqojb3jpz2lux2vjekp%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweacxvzlwvhc3qtmsjhmeucidwbtgqibtlmwm1ec9a%2ba0drxo5ymvqj%2buvlqq%2buyuspaieatkgo3qvnb4k7%2be%2bhhvvk0aqvq7a6raza2fzhycejfgqqpwiifbaaggw5odq1mjuxmdexndyidotou%2bcoqxeoy%2fqbasqeappvbrl6%2bq7ih4ftqzyvz9cdrwt6nhjbfbi1cvzbq9eimq4g5eziwbfgweiwl%2fqfnd9rylamzlc5kc6jhvkz%2b0qpz4l51sbhbiat90pynfdamfikhea%2fuqlrm%2fo70eupqcmgyzdp4tzgiuumo%2fwcah0lnpkamodmoc3y6t8voarghoovqjrn5wvjhvksjsr9lfvew%2bkgyvv7edcitebrgtwsr%2fphpfufhz3nqzrbtnxdpsczvbe440hrsxhbnbxohi4obvgrgsimtl4bhpkplbk%2bbjx55eg134reibevx64f%2fjwouc3jd0emj8q%2bfpmb43m%2b57jvsv1ujz942vevxoitwat1mj3w%2brqgop0bfljy%2b1lchuxb85wquroj2gerwx1pxoostcn0jfmyseq1bl%2blcmpmsnbxrbu9ydnttfmgawz0ctoqu96zxy43kfolzvppvs0xoyrmkpc%2b%2bd602ust2gkhkyj5ue1thr5kn8o2sphxwwj2%2f5ge6hmovlqkxfnq0%2bnt%2behlwgryjvxqfo5jk27d%2feaddwnjckl52ewt4ssdlkhxtza3ia%3d%3d|7c|26|7c|expires=1721676325"; http_uri; depth:1179; isdataat:!1,relative; nocase; content:"bbuseruploads.s3.amazonaws.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061461/; classtype:trojan-activity;sid:83924561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061459/; classtype:trojan-activity;sid:83924559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.93.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061458/; classtype:trojan-activity;sid:83924558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.61.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061457/; classtype:trojan-activity;sid:83924557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061456/; classtype:trojan-activity;sid:83924556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.42.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061455/; classtype:trojan-activity;sid:83924555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.98.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061454/; classtype:trojan-activity;sid:83924554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.7.108"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061453/; classtype:trojan-activity;sid:83924553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.205.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061452/; classtype:trojan-activity;sid:83924552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.13.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061451/; classtype:trojan-activity;sid:83924551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061450/; classtype:trojan-activity;sid:83924550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.150.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061449/; classtype:trojan-activity;sid:83924549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.151.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061448/; classtype:trojan-activity;sid:83924548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.158.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061447/; classtype:trojan-activity;sid:83924547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061446/; classtype:trojan-activity;sid:83924546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.43.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061445/; classtype:trojan-activity;sid:83924545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.27.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061444/; classtype:trojan-activity;sid:83924544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.135.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061443/; classtype:trojan-activity;sid:83924543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.226.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061442/; classtype:trojan-activity;sid:83924542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061440/; classtype:trojan-activity;sid:83924540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.183.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061441/; classtype:trojan-activity;sid:83924541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.239.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061439/; classtype:trojan-activity;sid:83924539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.234.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061438/; classtype:trojan-activity;sid:83924538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.209.113.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061437/; classtype:trojan-activity;sid:83924537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061435)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/9923765c101c3aa0fca26d109ef9ebe8/215.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.203.8.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061435/; classtype:trojan-activity;sid:83924535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061436/; classtype:trojan-activity;sid:83924536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.7.108"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061434/; classtype:trojan-activity;sid:83924534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061433)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/9923765c101c3aa0fca26d109ef9ebe8/223.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.203.8.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061433/; classtype:trojan-activity;sid:83924533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061430)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/9923765c101c3aa0fca26d109ef9ebe8/215.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"static.165.8.203.116.clients.your-server.de"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061430/; classtype:trojan-activity;sid:83924530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061429)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/9923765c101c3aa0fca26d109ef9ebe8/223.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"static.165.8.203.116.clients.your-server.de"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061429/; classtype:trojan-activity;sid:83924529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061428/; classtype:trojan-activity;sid:83924528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.94.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061427/; classtype:trojan-activity;sid:83924527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.248.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061426/; classtype:trojan-activity;sid:83924526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.218.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061425/; classtype:trojan-activity;sid:83924525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.13.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061424/; classtype:trojan-activity;sid:83924524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.81.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061423/; classtype:trojan-activity;sid:83924523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.57.236.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061422/; classtype:trojan-activity;sid:83924522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.24.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061421/; classtype:trojan-activity;sid:83924521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.217.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061420/; classtype:trojan-activity;sid:83924520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.97.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061419/; classtype:trojan-activity;sid:83924519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.135.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061415/; classtype:trojan-activity;sid:83924515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.61.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061416/; classtype:trojan-activity;sid:83924516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.51.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061417/; classtype:trojan-activity;sid:83924517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061418/; classtype:trojan-activity;sid:83924518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.18.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061414/; classtype:trojan-activity;sid:83924514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.8.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061413/; classtype:trojan-activity;sid:83924513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.33.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061412/; classtype:trojan-activity;sid:83924512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.234.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061411/; classtype:trojan-activity;sid:83924511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.122.114.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061410/; classtype:trojan-activity;sid:83924510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.129.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061409/; classtype:trojan-activity;sid:83924509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061408/; classtype:trojan-activity;sid:83924508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061407/; classtype:trojan-activity;sid:83924507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.138.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061406/; classtype:trojan-activity;sid:83924506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.2.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061405/; classtype:trojan-activity;sid:83924505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.71.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061404/; classtype:trojan-activity;sid:83924504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.123.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061402/; classtype:trojan-activity;sid:83924502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061403/; classtype:trojan-activity;sid:83924503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.25.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061401/; classtype:trojan-activity;sid:83924501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.81.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061400/; classtype:trojan-activity;sid:83924500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061399/; classtype:trojan-activity;sid:83924499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.177.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061398/; classtype:trojan-activity;sid:83924498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.132.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061395/; classtype:trojan-activity;sid:83924495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.149.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061396/; classtype:trojan-activity;sid:83924496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061397/; classtype:trojan-activity;sid:83924497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.249.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061394/; classtype:trojan-activity;sid:83924494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061393)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.24.191.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061393/; classtype:trojan-activity;sid:83924493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061392/; classtype:trojan-activity;sid:83924492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061391/; classtype:trojan-activity;sid:83924491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.138.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061390/; classtype:trojan-activity;sid:83924490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.236.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061389/; classtype:trojan-activity;sid:83924489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.137.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061382/; classtype:trojan-activity;sid:83924482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061383)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061383/; classtype:trojan-activity;sid:83924483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061384)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061384/; classtype:trojan-activity;sid:83924484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061385)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061385/; classtype:trojan-activity;sid:83924485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061386)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061386/; classtype:trojan-activity;sid:83924486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061387)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061387/; classtype:trojan-activity;sid:83924487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061388)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061388/; classtype:trojan-activity;sid:83924488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061380)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061380/; classtype:trojan-activity;sid:83924480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061381)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061381/; classtype:trojan-activity;sid:83924481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061377)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061377/; classtype:trojan-activity;sid:83924477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061378)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061378/; classtype:trojan-activity;sid:83924478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061379)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"trcpay.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061379/; classtype:trojan-activity;sid:83924479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.44.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061376/; classtype:trojan-activity;sid:83924476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.156.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061373/; classtype:trojan-activity;sid:83924473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061374/; classtype:trojan-activity;sid:83924474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061375/; classtype:trojan-activity;sid:83924475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.101.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061372/; classtype:trojan-activity;sid:83924472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.61.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061371/; classtype:trojan-activity;sid:83924471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.140.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061370/; classtype:trojan-activity;sid:83924470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.221.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061369/; classtype:trojan-activity;sid:83924469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061368)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061368/; classtype:trojan-activity;sid:83924468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061366)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061366/; classtype:trojan-activity;sid:83924466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061367)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061367/; classtype:trojan-activity;sid:83924467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061363)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061363/; classtype:trojan-activity;sid:83924463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061364)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061364/; classtype:trojan-activity;sid:83924464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061365)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061365/; classtype:trojan-activity;sid:83924465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061357)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061357/; classtype:trojan-activity;sid:83924457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061358)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061358/; classtype:trojan-activity;sid:83924458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061359)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061359/; classtype:trojan-activity;sid:83924459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061360)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061360/; classtype:trojan-activity;sid:83924460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.122.114.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061361/; classtype:trojan-activity;sid:83924461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061362)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.147.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061362/; classtype:trojan-activity;sid:83924462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.176.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061356/; classtype:trojan-activity;sid:83924456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061355)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061355/; classtype:trojan-activity;sid:83924455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061352)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061352/; classtype:trojan-activity;sid:83924452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061353)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061353/; classtype:trojan-activity;sid:83924453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061354)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061354/; classtype:trojan-activity;sid:83924454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061349)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061349/; classtype:trojan-activity;sid:83924449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061350)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061350/; classtype:trojan-activity;sid:83924450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061351)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061351/; classtype:trojan-activity;sid:83924451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061344)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061344/; classtype:trojan-activity;sid:83924444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061345)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061345/; classtype:trojan-activity;sid:83924445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061346)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061346/; classtype:trojan-activity;sid:83924446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061347)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061347/; classtype:trojan-activity;sid:83924447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061348)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061348/; classtype:trojan-activity;sid:83924448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061342)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061342/; classtype:trojan-activity;sid:83924442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061343)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061343/; classtype:trojan-activity;sid:83924443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061334)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061334/; classtype:trojan-activity;sid:83924434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061335)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061335/; classtype:trojan-activity;sid:83924435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061336)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061336/; classtype:trojan-activity;sid:83924436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061337)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061337/; classtype:trojan-activity;sid:83924437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061338)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.trcpay.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061338/; classtype:trojan-activity;sid:83924438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061339)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061339/; classtype:trojan-activity;sid:83924439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061340)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061340/; classtype:trojan-activity;sid:83924440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061341)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.150.26.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061341/; classtype:trojan-activity;sid:83924441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.71.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061333/; classtype:trojan-activity;sid:83924433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.7.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061332/; classtype:trojan-activity;sid:83924432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.128.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061331/; classtype:trojan-activity;sid:83924431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.32.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061330/; classtype:trojan-activity;sid:83924430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061329/; classtype:trojan-activity;sid:83924429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.38.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061328/; classtype:trojan-activity;sid:83924428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.53.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061327/; classtype:trojan-activity;sid:83924427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061325)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/9923765c101c3aa0fca26d109ef9ebe8/215.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"static.165.8.203.116.clients.your-server.de"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061325/; classtype:trojan-activity;sid:83924425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061324)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/9923765c101c3aa0fca26d109ef9ebe8/215.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.203.8.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061324/; classtype:trojan-activity;sid:83924424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061322)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/9923765c101c3aa0fca26d109ef9ebe8/223.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.203.8.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061322/; classtype:trojan-activity;sid:83924422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061323)"; flow:established,from_client; content:"GET"; http_method; content:"/auto/9923765c101c3aa0fca26d109ef9ebe8/223.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"static.165.8.203.116.clients.your-server.de"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061323/; classtype:trojan-activity;sid:83924423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061321/; classtype:trojan-activity;sid:83924421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.83.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061319/; classtype:trojan-activity;sid:83924419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.119.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061320/; classtype:trojan-activity;sid:83924420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061317/; classtype:trojan-activity;sid:83924417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.178.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061318/; classtype:trojan-activity;sid:83924418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.253.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061316/; classtype:trojan-activity;sid:83924416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.212.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061315/; classtype:trojan-activity;sid:83924415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.210.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061314/; classtype:trojan-activity;sid:83924414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.97.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061312/; classtype:trojan-activity;sid:83924412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.134.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061311/; classtype:trojan-activity;sid:83924411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.152.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061310/; classtype:trojan-activity;sid:83924410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.41.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061309/; classtype:trojan-activity;sid:83924409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061308/; classtype:trojan-activity;sid:83924408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061306)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061306/; classtype:trojan-activity;sid:83924406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061307)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061307/; classtype:trojan-activity;sid:83924407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.131.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061305/; classtype:trojan-activity;sid:83924405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061294)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"awesome-shirley.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061294/; classtype:trojan-activity;sid:83924394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061295)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fervent-kilby.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061295/; classtype:trojan-activity;sid:83924395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061296)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion-client.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061296/; classtype:trojan-activity;sid:83924396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061297)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.manager.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061297/; classtype:trojan-activity;sid:83924397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061298)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.manager.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061298/; classtype:trojan-activity;sid:83924398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061299)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061299/; classtype:trojan-activity;sid:83924399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061300)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"awesome-shirley.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061300/; classtype:trojan-activity;sid:83924400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061301)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"auth-idclient.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061301/; classtype:trojan-activity;sid:83924401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061302)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061302/; classtype:trojan-activity;sid:83924402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061303)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"manager.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061303/; classtype:trojan-activity;sid:83924403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061304)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061304/; classtype:trojan-activity;sid:83924404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061285)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"awesome-shirley.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061285/; classtype:trojan-activity;sid:83924385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061286)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"intelligent-varahamihira.37-221-67-60.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061286/; classtype:trojan-activity;sid:83924386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061287)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"espace-auth.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061287/; classtype:trojan-activity;sid:83924387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061288)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061288/; classtype:trojan-activity;sid:83924388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061289)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.manager.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061289/; classtype:trojan-activity;sid:83924389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061290)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37-221-67-60.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061290/; classtype:trojan-activity;sid:83924390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061291)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"manager.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061291/; classtype:trojan-activity;sid:83924391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061292)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"37-221-67-60.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061292/; classtype:trojan-activity;sid:83924392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061293)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.espace-auth.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061293/; classtype:trojan-activity;sid:83924393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061278)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.manager.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061278/; classtype:trojan-activity;sid:83924378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061279)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.espace-auth.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061279/; classtype:trojan-activity;sid:83924379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061280)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"manager.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061280/; classtype:trojan-activity;sid:83924380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061281)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.gestion-client.37-221-67-60.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061281/; classtype:trojan-activity;sid:83924381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061282)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061282/; classtype:trojan-activity;sid:83924382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061283)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion-client.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061283/; classtype:trojan-activity;sid:83924383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061284)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.manager.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061284/; classtype:trojan-activity;sid:83924384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061275)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061275/; classtype:trojan-activity;sid:83924375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061276)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061276/; classtype:trojan-activity;sid:83924376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061277)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"espace-auth.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061277/; classtype:trojan-activity;sid:83924377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061268)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fervent-kilby.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061268/; classtype:trojan-activity;sid:83924368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061269)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061269/; classtype:trojan-activity;sid:83924369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061270)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061270/; classtype:trojan-activity;sid:83924370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061271)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061271/; classtype:trojan-activity;sid:83924371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061272)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.espace-auth.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061272/; classtype:trojan-activity;sid:83924372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061273)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.espace-auth.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061273/; classtype:trojan-activity;sid:83924373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061274)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"intelligent-varahamihira.37-221-67-60.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061274/; classtype:trojan-activity;sid:83924374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061265)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061265/; classtype:trojan-activity;sid:83924365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061266)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061266/; classtype:trojan-activity;sid:83924366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061267)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"awesome-shirley.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061267/; classtype:trojan-activity;sid:83924367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061263)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061263/; classtype:trojan-activity;sid:83924363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061264)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.locale.37-221-67-60.plesk.page"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061264/; classtype:trojan-activity;sid:83924364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061260)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061260/; classtype:trojan-activity;sid:83924360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061261)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion-client.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061261/; classtype:trojan-activity;sid:83924361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061262)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061262/; classtype:trojan-activity;sid:83924362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061254)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.manager.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061254/; classtype:trojan-activity;sid:83924354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061255)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"intelligent-varahamihira.37-221-67-60.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061255/; classtype:trojan-activity;sid:83924355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061256)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fervent-kilby.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061256/; classtype:trojan-activity;sid:83924356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061257)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"auth-idclient.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061257/; classtype:trojan-activity;sid:83924357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061258)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"manager.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061258/; classtype:trojan-activity;sid:83924358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061259)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.locale.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061259/; classtype:trojan-activity;sid:83924359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061251)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061251/; classtype:trojan-activity;sid:83924351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061252)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"intelligent-varahamihira.37-221-67-60.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061252/; classtype:trojan-activity;sid:83924352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061253)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.espace-auth.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061253/; classtype:trojan-activity;sid:83924353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061246)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061246/; classtype:trojan-activity;sid:83924346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061247)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061247/; classtype:trojan-activity;sid:83924347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061248)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gestion-client.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061248/; classtype:trojan-activity;sid:83924348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061249)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061249/; classtype:trojan-activity;sid:83924349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061250)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37-221-67-60.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061250/; classtype:trojan-activity;sid:83924350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061242)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.locale.37-221-67-60.plesk.page"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061242/; classtype:trojan-activity;sid:83924342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061243)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.espace-auth.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061243/; classtype:trojan-activity;sid:83924343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061244)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"gestion-client.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061244/; classtype:trojan-activity;sid:83924344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061245)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.locale.37-221-67-60.plesk.page"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061245/; classtype:trojan-activity;sid:83924345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061238)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37-221-67-60.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061238/; classtype:trojan-activity;sid:83924338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061239)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061239/; classtype:trojan-activity;sid:83924339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061240)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061240/; classtype:trojan-activity;sid:83924340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061241)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"intelligent-varahamihira.37-221-67-60.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061241/; classtype:trojan-activity;sid:83924341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061236)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"auth-idclient.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061236/; classtype:trojan-activity;sid:83924336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061237)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061237/; classtype:trojan-activity;sid:83924337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061230)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"awesome-shirley.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061230/; classtype:trojan-activity;sid:83924330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061231)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061231/; classtype:trojan-activity;sid:83924331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061232)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"locale.37-221-67-60.plesk.page"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061232/; classtype:trojan-activity;sid:83924332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061233)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"manager.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061233/; classtype:trojan-activity;sid:83924333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061234)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061234/; classtype:trojan-activity;sid:83924334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061235)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"espace-auth.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061235/; classtype:trojan-activity;sid:83924335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061226)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"locale.37-221-67-60.plesk.page"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061226/; classtype:trojan-activity;sid:83924326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061227)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"webmail.locale.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061227/; classtype:trojan-activity;sid:83924327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061228)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061228/; classtype:trojan-activity;sid:83924328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061229)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"webmail.manager.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061229/; classtype:trojan-activity;sid:83924329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061222)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"espace-auth.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061222/; classtype:trojan-activity;sid:83924322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061223)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061223/; classtype:trojan-activity;sid:83924323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061224)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061224/; classtype:trojan-activity;sid:83924324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.112.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061225/; classtype:trojan-activity;sid:83924325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061220)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"awesome-shirley.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061220/; classtype:trojan-activity;sid:83924320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061221)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion-client.37-221-67-60.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061221/; classtype:trojan-activity;sid:83924321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061215)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.manager.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061215/; classtype:trojan-activity;sid:83924315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061216)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.espace-auth.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061216/; classtype:trojan-activity;sid:83924316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061217)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.locale.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061217/; classtype:trojan-activity;sid:83924317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061218)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.locale.37-221-67-60.plesk.page"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061218/; classtype:trojan-activity;sid:83924318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061219)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061219/; classtype:trojan-activity;sid:83924319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061212)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion-client.37-221-67-60.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061212/; classtype:trojan-activity;sid:83924312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061213)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061213/; classtype:trojan-activity;sid:83924313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061214)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061214/; classtype:trojan-activity;sid:83924314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061205)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"manager.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061205/; classtype:trojan-activity;sid:83924305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061206)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061206/; classtype:trojan-activity;sid:83924306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061207)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"manager.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061207/; classtype:trojan-activity;sid:83924307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061208)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.locale.37-221-67-60.plesk.page"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061208/; classtype:trojan-activity;sid:83924308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061209)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"auth-idclient.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061209/; classtype:trojan-activity;sid:83924309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061210)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.locale.37-221-67-60.plesk.page"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061210/; classtype:trojan-activity;sid:83924310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061211)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061211/; classtype:trojan-activity;sid:83924311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061202)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061202/; classtype:trojan-activity;sid:83924302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061203)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"webmail.espace-auth.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061203/; classtype:trojan-activity;sid:83924303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061204)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061204/; classtype:trojan-activity;sid:83924304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061200)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061200/; classtype:trojan-activity;sid:83924300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061201)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061201/; classtype:trojan-activity;sid:83924301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061197)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.locale.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061197/; classtype:trojan-activity;sid:83924297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061198)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061198/; classtype:trojan-activity;sid:83924298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061199)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.manager.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061199/; classtype:trojan-activity;sid:83924299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061190)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.espace-auth.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061190/; classtype:trojan-activity;sid:83924290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061191)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"manager.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061191/; classtype:trojan-activity;sid:83924291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061192)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"espace-auth.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061192/; classtype:trojan-activity;sid:83924292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061193)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"auth-idclient.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061193/; classtype:trojan-activity;sid:83924293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061194)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061194/; classtype:trojan-activity;sid:83924294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061195)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.espace-auth.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061195/; classtype:trojan-activity;sid:83924295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061196)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.manager.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061196/; classtype:trojan-activity;sid:83924296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061185)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061185/; classtype:trojan-activity;sid:83924285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061186)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"webmail.gestion-client.37-221-67-60.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061186/; classtype:trojan-activity;sid:83924286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061187)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061187/; classtype:trojan-activity;sid:83924287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061188)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061188/; classtype:trojan-activity;sid:83924288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061189)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061189/; classtype:trojan-activity;sid:83924289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061183)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"auth-idclient.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061183/; classtype:trojan-activity;sid:83924283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061184)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.espace-auth.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061184/; classtype:trojan-activity;sid:83924284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061178)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061178/; classtype:trojan-activity;sid:83924278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061179)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.locale.37-221-67-60.plesk.page"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061179/; classtype:trojan-activity;sid:83924279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061180)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.locale.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061180/; classtype:trojan-activity;sid:83924280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061181)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.manager.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061181/; classtype:trojan-activity;sid:83924281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061182)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.manager.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061182/; classtype:trojan-activity;sid:83924282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061174)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"webmail.gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061174/; classtype:trojan-activity;sid:83924274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061175)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.espace-auth.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061175/; classtype:trojan-activity;sid:83924275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061176)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"gestion-client.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061176/; classtype:trojan-activity;sid:83924276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061177)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.manager.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061177/; classtype:trojan-activity;sid:83924277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061172)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061172/; classtype:trojan-activity;sid:83924272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061173)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.locale.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061173/; classtype:trojan-activity;sid:83924273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061168)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"awesome-shirley.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061168/; classtype:trojan-activity;sid:83924268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061169)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061169/; classtype:trojan-activity;sid:83924269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061170)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion-client.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061170/; classtype:trojan-activity;sid:83924270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061171)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.espace-auth.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061171/; classtype:trojan-activity;sid:83924271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061161)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061161/; classtype:trojan-activity;sid:83924261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061162)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion-client.37-221-67-60.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061162/; classtype:trojan-activity;sid:83924262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061163)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061163/; classtype:trojan-activity;sid:83924263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061164)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061164/; classtype:trojan-activity;sid:83924264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061165)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.espace-auth.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061165/; classtype:trojan-activity;sid:83924265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061166)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061166/; classtype:trojan-activity;sid:83924266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061167)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061167/; classtype:trojan-activity;sid:83924267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061159)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.manager.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061159/; classtype:trojan-activity;sid:83924259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061160)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"webmail.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061160/; classtype:trojan-activity;sid:83924260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061153)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.espace-auth.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061153/; classtype:trojan-activity;sid:83924253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061154)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fervent-kilby.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061154/; classtype:trojan-activity;sid:83924254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061155)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"espace-auth.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061155/; classtype:trojan-activity;sid:83924255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061156)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061156/; classtype:trojan-activity;sid:83924256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061157)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.locale.37-221-67-60.plesk.page"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061157/; classtype:trojan-activity;sid:83924257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061158)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"awesome-shirley.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061158/; classtype:trojan-activity;sid:83924258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061150)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"locale.37-221-67-60.plesk.page"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061150/; classtype:trojan-activity;sid:83924250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061151)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.espace-auth.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061151/; classtype:trojan-activity;sid:83924251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061152)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061152/; classtype:trojan-activity;sid:83924252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061147)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"locale.37-221-67-60.plesk.page"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061147/; classtype:trojan-activity;sid:83924247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061148)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061148/; classtype:trojan-activity;sid:83924248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061149)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"espace-auth.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061149/; classtype:trojan-activity;sid:83924249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061143)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061143/; classtype:trojan-activity;sid:83924243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061144)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061144/; classtype:trojan-activity;sid:83924244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061145)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"locale.37-221-67-60.plesk.page"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061145/; classtype:trojan-activity;sid:83924245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061146)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"espace-auth.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061146/; classtype:trojan-activity;sid:83924246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061139)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061139/; classtype:trojan-activity;sid:83924239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061140)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061140/; classtype:trojan-activity;sid:83924240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061141)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.manager.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061141/; classtype:trojan-activity;sid:83924241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061142)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.locale.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061142/; classtype:trojan-activity;sid:83924242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061134)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"locale.37-221-67-60.plesk.page"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061134/; classtype:trojan-activity;sid:83924234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061135)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"locale.37-221-67-60.plesk.page"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061135/; classtype:trojan-activity;sid:83924235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061136)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061136/; classtype:trojan-activity;sid:83924236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061137)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061137/; classtype:trojan-activity;sid:83924237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061138)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.gestion-client.37-221-67-60.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061138/; classtype:trojan-activity;sid:83924238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061131)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"37-221-67-60.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061131/; classtype:trojan-activity;sid:83924231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061132)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.manager.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061132/; classtype:trojan-activity;sid:83924232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061133)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"locale.37-221-67-60.plesk.page"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061133/; classtype:trojan-activity;sid:83924233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061127)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion-client.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061127/; classtype:trojan-activity;sid:83924227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061128)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061128/; classtype:trojan-activity;sid:83924228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061129/; classtype:trojan-activity;sid:83924229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061130)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"fervent-kilby.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061130/; classtype:trojan-activity;sid:83924230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061125)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061125/; classtype:trojan-activity;sid:83924225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061126)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fervent-kilby.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061126/; classtype:trojan-activity;sid:83924226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061122)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"37-221-67-60.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061122/; classtype:trojan-activity;sid:83924222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061123)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"auth-idclient.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061123/; classtype:trojan-activity;sid:83924223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061124)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fervent-kilby.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061124/; classtype:trojan-activity;sid:83924224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061118)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37-221-67-60.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061118/; classtype:trojan-activity;sid:83924218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061119)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion-client.37-221-67-60.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061119/; classtype:trojan-activity;sid:83924219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061120)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061120/; classtype:trojan-activity;sid:83924220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061121)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion-client.37-221-67-60.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061121/; classtype:trojan-activity;sid:83924221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.42.47.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061113/; classtype:trojan-activity;sid:83924213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061114)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"fervent-kilby.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061114/; classtype:trojan-activity;sid:83924214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061115)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"intelligent-varahamihira.37-221-67-60.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061115/; classtype:trojan-activity;sid:83924215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061116)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"intelligent-varahamihira.37-221-67-60.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061116/; classtype:trojan-activity;sid:83924216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061117)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37-221-67-60.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061117/; classtype:trojan-activity;sid:83924217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061110)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"auth-idclient.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061110/; classtype:trojan-activity;sid:83924210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061111)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"intelligent-varahamihira.37-221-67-60.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061111/; classtype:trojan-activity;sid:83924211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061112)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.locale.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061112/; classtype:trojan-activity;sid:83924212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.252.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061109/; classtype:trojan-activity;sid:83924209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061108/; classtype:trojan-activity;sid:83924208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.12.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061106/; classtype:trojan-activity;sid:83924206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.230.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061107/; classtype:trojan-activity;sid:83924207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061105/; classtype:trojan-activity;sid:83924205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061104/; classtype:trojan-activity;sid:83924204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.53.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061103/; classtype:trojan-activity;sid:83924203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061099)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"transaction.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061099/; classtype:trojan-activity;sid:83924199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061100)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.floride.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061100/; classtype:trojan-activity;sid:83924200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061101)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"transaction.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061101/; classtype:trojan-activity;sid:83924201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061102)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.floride.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061102/; classtype:trojan-activity;sid:83924202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061088)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"floride.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061088/; classtype:trojan-activity;sid:83924188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061089)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"floride.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061089/; classtype:trojan-activity;sid:83924189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061090)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"floride.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061090/; classtype:trojan-activity;sid:83924190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061091)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"floride.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061091/; classtype:trojan-activity;sid:83924191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061092)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"transaction.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061092/; classtype:trojan-activity;sid:83924192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061093)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"transaction.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061093/; classtype:trojan-activity;sid:83924193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061094)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.floride.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061094/; classtype:trojan-activity;sid:83924194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061095)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"transaction.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061095/; classtype:trojan-activity;sid:83924195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061096)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.floride.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061096/; classtype:trojan-activity;sid:83924196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061097)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"floride.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061097/; classtype:trojan-activity;sid:83924197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061098)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"transaction.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061098/; classtype:trojan-activity;sid:83924198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061082)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"webmail.floride.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061082/; classtype:trojan-activity;sid:83924182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061083)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"floride.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061083/; classtype:trojan-activity;sid:83924183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061084)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.floride.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061084/; classtype:trojan-activity;sid:83924184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061085)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"transaction.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061085/; classtype:trojan-activity;sid:83924185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061086)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"transaction.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061086/; classtype:trojan-activity;sid:83924186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061087)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.floride.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061087/; classtype:trojan-activity;sid:83924187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061079)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"webmail.floride.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061079/; classtype:trojan-activity;sid:83924179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061080)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"floride.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061080/; classtype:trojan-activity;sid:83924180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061081)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"floride.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061081/; classtype:trojan-activity;sid:83924181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.83.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061078/; classtype:trojan-activity;sid:83924178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061070/; classtype:trojan-activity;sid:83924170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061071)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.floride.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061071/; classtype:trojan-activity;sid:83924171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061072)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.floride.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061072/; classtype:trojan-activity;sid:83924172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061073)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.floride.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061073/; classtype:trojan-activity;sid:83924173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061074)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.floride.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061074/; classtype:trojan-activity;sid:83924174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061075)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.floride.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061075/; classtype:trojan-activity;sid:83924175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061076)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.floride.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061076/; classtype:trojan-activity;sid:83924176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061077)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.floride.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061077/; classtype:trojan-activity;sid:83924177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061069)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.floride.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061069/; classtype:trojan-activity;sid:83924169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061068)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion-client.37-221-67-60.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061068/; classtype:trojan-activity;sid:83924168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061059)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.floride.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061059/; classtype:trojan-activity;sid:83924159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061060)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061060/; classtype:trojan-activity;sid:83924160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061061)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion-client.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061061/; classtype:trojan-activity;sid:83924161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061062)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061062/; classtype:trojan-activity;sid:83924162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061063)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.manager.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061063/; classtype:trojan-activity;sid:83924163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061064)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.locale.37-221-67-60.plesk.page"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061064/; classtype:trojan-activity;sid:83924164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061065)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.manager.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061065/; classtype:trojan-activity;sid:83924165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061066)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.espace-auth.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061066/; classtype:trojan-activity;sid:83924166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061067)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"intelligent-varahamihira.37-221-67-60.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061067/; classtype:trojan-activity;sid:83924167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061055)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.auth-idclient.37-221-67-60.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061055/; classtype:trojan-activity;sid:83924155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061056)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061056/; classtype:trojan-activity;sid:83924156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061057)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.locale.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061057/; classtype:trojan-activity;sid:83924157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061058)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"webmail.gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061058/; classtype:trojan-activity;sid:83924158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061051)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"espace-auth.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061051/; classtype:trojan-activity;sid:83924151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061052)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"happy-heisenberg.37-221-67-60.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061052/; classtype:trojan-activity;sid:83924152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061053)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"auth-idclient.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061053/; classtype:trojan-activity;sid:83924153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061054)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.floride.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061054/; classtype:trojan-activity;sid:83924154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061043)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"transaction.37-221-67-60.plesk.page"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061043/; classtype:trojan-activity;sid:83924143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061044)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"locale.37-221-67-60.plesk.page"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061044/; classtype:trojan-activity;sid:83924144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061045)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"awesome-shirley.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061045/; classtype:trojan-activity;sid:83924145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061046)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fervent-kilby.37-221-67-60.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061046/; classtype:trojan-activity;sid:83924146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061047)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"inspiring-ride.37-221-67-60.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061047/; classtype:trojan-activity;sid:83924147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061048)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"floride.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061048/; classtype:trojan-activity;sid:83924148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061049)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.espace-auth.37-221-67-60.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061049/; classtype:trojan-activity;sid:83924149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061050)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"gestion.transaction.37-221-67-60.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061050/; classtype:trojan-activity;sid:83924150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061042)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"manager.37-221-67-60.plesk.page"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061042/; classtype:trojan-activity;sid:83924142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.212.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061041/; classtype:trojan-activity;sid:83924141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061040)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37-221-67-60.plesk.page"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061040/; classtype:trojan-activity;sid:83924140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.170.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061039/; classtype:trojan-activity;sid:83924139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.145.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061037/; classtype:trojan-activity;sid:83924137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.91.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061038/; classtype:trojan-activity;sid:83924138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.11.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061035/; classtype:trojan-activity;sid:83924135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.49.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061036/; classtype:trojan-activity;sid:83924136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061034/; classtype:trojan-activity;sid:83924134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061033/; classtype:trojan-activity;sid:83924133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.149.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061032/; classtype:trojan-activity;sid:83924132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.253.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061031/; classtype:trojan-activity;sid:83924131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061030/; classtype:trojan-activity;sid:83924130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061029/; classtype:trojan-activity;sid:83924129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.13.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061027/; classtype:trojan-activity;sid:83924127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061028/; classtype:trojan-activity;sid:83924128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061024/; classtype:trojan-activity;sid:83924124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061025/; classtype:trojan-activity;sid:83924125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061026/; classtype:trojan-activity;sid:83924126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061020)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061020/; classtype:trojan-activity;sid:83924120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061021)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061021/; classtype:trojan-activity;sid:83924121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061022/; classtype:trojan-activity;sid:83924122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061023/; classtype:trojan-activity;sid:83924123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061013)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061013/; classtype:trojan-activity;sid:83924113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061014/; classtype:trojan-activity;sid:83924114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061015/; classtype:trojan-activity;sid:83924115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061016)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061016/; classtype:trojan-activity;sid:83924116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061017/; classtype:trojan-activity;sid:83924117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061018/; classtype:trojan-activity;sid:83924118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061019)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061019/; classtype:trojan-activity;sid:83924119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.134.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061002/; classtype:trojan-activity;sid:83924102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061003/; classtype:trojan-activity;sid:83924103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061004)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061004/; classtype:trojan-activity;sid:83924104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.97.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061005/; classtype:trojan-activity;sid:83924105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061006/; classtype:trojan-activity;sid:83924106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061007)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061007/; classtype:trojan-activity;sid:83924107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061008)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061008/; classtype:trojan-activity;sid:83924108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061009/; classtype:trojan-activity;sid:83924109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061010/; classtype:trojan-activity;sid:83924110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061011)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061011/; classtype:trojan-activity;sid:83924111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061012)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061012/; classtype:trojan-activity;sid:83924112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061000)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061000/; classtype:trojan-activity;sid:83924100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3061001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sim.viewdocsfile.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3061001/; classtype:trojan-activity;sid:83924101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060999/; classtype:trojan-activity;sid:83924099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.178.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060998/; classtype:trojan-activity;sid:83924098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.41.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060997/; classtype:trojan-activity;sid:83924097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.252.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060996/; classtype:trojan-activity;sid:83924096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.50.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060985/; classtype:trojan-activity;sid:83924085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.131.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060984/; classtype:trojan-activity;sid:83924084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060978)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060978/; classtype:trojan-activity;sid:83924078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060979)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060979/; classtype:trojan-activity;sid:83924079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060980)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060980/; classtype:trojan-activity;sid:83924080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060981)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060981/; classtype:trojan-activity;sid:83924081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060982)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060982/; classtype:trojan-activity;sid:83924082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060983)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060983/; classtype:trojan-activity;sid:83924083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.12.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060977/; classtype:trojan-activity;sid:83924077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060970)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060970/; classtype:trojan-activity;sid:83924070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060971)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060971/; classtype:trojan-activity;sid:83924071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060972)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060972/; classtype:trojan-activity;sid:83924072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060973)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060973/; classtype:trojan-activity;sid:83924073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060974)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060974/; classtype:trojan-activity;sid:83924074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060975)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060975/; classtype:trojan-activity;sid:83924075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060976)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060976/; classtype:trojan-activity;sid:83924076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060960)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060960/; classtype:trojan-activity;sid:83924060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060961)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060961/; classtype:trojan-activity;sid:83924061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060962)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060962/; classtype:trojan-activity;sid:83924062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060963)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060963/; classtype:trojan-activity;sid:83924063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060964)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060964/; classtype:trojan-activity;sid:83924064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060965)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060965/; classtype:trojan-activity;sid:83924065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060966)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"lkq.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060966/; classtype:trojan-activity;sid:83924066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060967)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060967/; classtype:trojan-activity;sid:83924067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060968)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"xjp.cyberspeed.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060968/; classtype:trojan-activity;sid:83924068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.149.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060969/; classtype:trojan-activity;sid:83924069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.63.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060959/; classtype:trojan-activity;sid:83924059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.45.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060956/; classtype:trojan-activity;sid:83924056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.36.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060957/; classtype:trojan-activity;sid:83924057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.213.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060958/; classtype:trojan-activity;sid:83924058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060954)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060954/; classtype:trojan-activity;sid:83924054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060955)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060955/; classtype:trojan-activity;sid:83924055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060953)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060953/; classtype:trojan-activity;sid:83924053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060948)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060948/; classtype:trojan-activity;sid:83924048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060949)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060949/; classtype:trojan-activity;sid:83924049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060950)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060950/; classtype:trojan-activity;sid:83924050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060951)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060951/; classtype:trojan-activity;sid:83924051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060952)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060952/; classtype:trojan-activity;sid:83924052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060945)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060945/; classtype:trojan-activity;sid:83924045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060946)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060946/; classtype:trojan-activity;sid:83924046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060947)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.pr333.ggm.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060947/; classtype:trojan-activity;sid:83924047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.15.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060944/; classtype:trojan-activity;sid:83924044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.74.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060943/; classtype:trojan-activity;sid:83924043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.216.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060942/; classtype:trojan-activity;sid:83924042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.42.47.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060941/; classtype:trojan-activity;sid:83924041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060940/; classtype:trojan-activity;sid:83924040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.11.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060939/; classtype:trojan-activity;sid:83924039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060938/; classtype:trojan-activity;sid:83924038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.219.13.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060937/; classtype:trojan-activity;sid:83924037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.13.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060936/; classtype:trojan-activity;sid:83924036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.39.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060935/; classtype:trojan-activity;sid:83924035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060934/; classtype:trojan-activity;sid:83924034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.252.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060933/; classtype:trojan-activity;sid:83924033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060932/; classtype:trojan-activity;sid:83924032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.182.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060931/; classtype:trojan-activity;sid:83924031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.158.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060930/; classtype:trojan-activity;sid:83924030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.67.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060929/; classtype:trojan-activity;sid:83924029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060928/; classtype:trojan-activity;sid:83924028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.62.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060927/; classtype:trojan-activity;sid:83924027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.32.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060926/; classtype:trojan-activity;sid:83924026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.197.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060925/; classtype:trojan-activity;sid:83924025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.177.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060924/; classtype:trojan-activity;sid:83924024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.221.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060922/; classtype:trojan-activity;sid:83924022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.217.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060923/; classtype:trojan-activity;sid:83924023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.230.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060921/; classtype:trojan-activity;sid:83924021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.67.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060920/; classtype:trojan-activity;sid:83924020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.233.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060919/; classtype:trojan-activity;sid:83924019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.74.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060918/; classtype:trojan-activity;sid:83924018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.116.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060916/; classtype:trojan-activity;sid:83924016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060917/; classtype:trojan-activity;sid:83924017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.216.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060915/; classtype:trojan-activity;sid:83924015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.233.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060914/; classtype:trojan-activity;sid:83924014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060913)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678972482|3f|hash=bxesveaulimong9apuvzzqb5sjhiw7mhux9bzu22eat|7c|26|7c|dl=y640nlvxuphmcq2lkrz2mea3wtnhkod8uusn9s6sre0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060913/; classtype:trojan-activity;sid:83924013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.101.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060912/; classtype:trojan-activity;sid:83924012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.196.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060911/; classtype:trojan-activity;sid:83924011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.73.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060910/; classtype:trojan-activity;sid:83924010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.18.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060909/; classtype:trojan-activity;sid:83924009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.244.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060908/; classtype:trojan-activity;sid:83924008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.15.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060907/; classtype:trojan-activity;sid:83924007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.138.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060906/; classtype:trojan-activity;sid:83924006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.219.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060905/; classtype:trojan-activity;sid:83924005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060904/; classtype:trojan-activity;sid:83924004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.32.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060903/; classtype:trojan-activity;sid:83924003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.177.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060902/; classtype:trojan-activity;sid:83924002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.148.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060901/; classtype:trojan-activity;sid:83924001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.9.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060900/; classtype:trojan-activity;sid:83924000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.116.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060899/; classtype:trojan-activity;sid:83923999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.175.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060898/; classtype:trojan-activity;sid:83923998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060897/; classtype:trojan-activity;sid:83923997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060896/; classtype:trojan-activity;sid:83923996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060895/; classtype:trojan-activity;sid:83923995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.37.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060894/; classtype:trojan-activity;sid:83923994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.66.76.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060893/; classtype:trojan-activity;sid:83923993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.223.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060892/; classtype:trojan-activity;sid:83923992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.117.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060891/; classtype:trojan-activity;sid:83923991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.6.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060890/; classtype:trojan-activity;sid:83923990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.178.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060889/; classtype:trojan-activity;sid:83923989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.138.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060888/; classtype:trojan-activity;sid:83923988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060887/; classtype:trojan-activity;sid:83923987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.9.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060886/; classtype:trojan-activity;sid:83923986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060885/; classtype:trojan-activity;sid:83923985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060884/; classtype:trojan-activity;sid:83923984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.254.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060883/; classtype:trojan-activity;sid:83923983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060882/; classtype:trojan-activity;sid:83923982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060880/; classtype:trojan-activity;sid:83923980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.29.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060881/; classtype:trojan-activity;sid:83923981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060878/; classtype:trojan-activity;sid:83923978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.144.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060879/; classtype:trojan-activity;sid:83923979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.4.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060877/; classtype:trojan-activity;sid:83923977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.81.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060875/; classtype:trojan-activity;sid:83923975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060876/; classtype:trojan-activity;sid:83923976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060874/; classtype:trojan-activity;sid:83923974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060873)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678974076|3f|hash=yb8tek8nsfnncobuwxhkvaetz1khfkhzbdqip7s01be|7c|26|7c|dl=mhhbkrqyi5quk3azavxqb54uego3uzsndmrd3vcuddg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060873/; classtype:trojan-activity;sid:83923973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060872/; classtype:trojan-activity;sid:83923972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.223.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060871/; classtype:trojan-activity;sid:83923971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.175.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060870/; classtype:trojan-activity;sid:83923970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.15.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060869/; classtype:trojan-activity;sid:83923969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060868/; classtype:trojan-activity;sid:83923968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.88.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060867/; classtype:trojan-activity;sid:83923967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.113.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060865/; classtype:trojan-activity;sid:83923965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.132.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060866/; classtype:trojan-activity;sid:83923966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.65.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060864/; classtype:trojan-activity;sid:83923964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.114.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060863/; classtype:trojan-activity;sid:83923963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.229.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060862/; classtype:trojan-activity;sid:83923962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.178.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060861/; classtype:trojan-activity;sid:83923961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.51.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060859/; classtype:trojan-activity;sid:83923959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.251.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060860/; classtype:trojan-activity;sid:83923960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.8.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060858/; classtype:trojan-activity;sid:83923958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.216.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060857/; classtype:trojan-activity;sid:83923957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.38.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060856/; classtype:trojan-activity;sid:83923956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.151.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060855/; classtype:trojan-activity;sid:83923955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060853/; classtype:trojan-activity;sid:83923953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.134.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060854/; classtype:trojan-activity;sid:83923954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060852/; classtype:trojan-activity;sid:83923952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.225.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060851/; classtype:trojan-activity;sid:83923951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.127.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060850/; classtype:trojan-activity;sid:83923950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.162.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060848/; classtype:trojan-activity;sid:83923948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.62.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060849/; classtype:trojan-activity;sid:83923949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.210.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060847/; classtype:trojan-activity;sid:83923947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.212.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060846/; classtype:trojan-activity;sid:83923946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.175.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060845/; classtype:trojan-activity;sid:83923945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.72.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060844/; classtype:trojan-activity;sid:83923944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.81.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060842/; classtype:trojan-activity;sid:83923942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.185.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060843/; classtype:trojan-activity;sid:83923943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.132.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060841/; classtype:trojan-activity;sid:83923941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.22.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060840/; classtype:trojan-activity;sid:83923940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.179.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060839/; classtype:trojan-activity;sid:83923939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.178.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060838/; classtype:trojan-activity;sid:83923938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060837/; classtype:trojan-activity;sid:83923937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060836/; classtype:trojan-activity;sid:83923936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.120.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060834/; classtype:trojan-activity;sid:83923934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.56.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060835/; classtype:trojan-activity;sid:83923935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060833/; classtype:trojan-activity;sid:83923933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.218.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060831/; classtype:trojan-activity;sid:83923931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.112.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060832/; classtype:trojan-activity;sid:83923932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.8.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060830/; classtype:trojan-activity;sid:83923930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.51.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060828/; classtype:trojan-activity;sid:83923928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060829/; classtype:trojan-activity;sid:83923929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.36.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060826/; classtype:trojan-activity;sid:83923926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.229.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060827/; classtype:trojan-activity;sid:83923927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.67.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060825/; classtype:trojan-activity;sid:83923925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.151.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060824/; classtype:trojan-activity;sid:83923924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.183.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060823/; classtype:trojan-activity;sid:83923923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.71.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060822/; classtype:trojan-activity;sid:83923922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060821/; classtype:trojan-activity;sid:83923921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.210.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060820/; classtype:trojan-activity;sid:83923920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060819/; classtype:trojan-activity;sid:83923919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.38.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060818/; classtype:trojan-activity;sid:83923918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.84.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060817/; classtype:trojan-activity;sid:83923917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.212.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060816/; classtype:trojan-activity;sid:83923916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.132.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060815/; classtype:trojan-activity;sid:83923915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.22.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060814/; classtype:trojan-activity;sid:83923914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.247.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060813/; classtype:trojan-activity;sid:83923913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.194.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060812/; classtype:trojan-activity;sid:83923912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.133.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060811/; classtype:trojan-activity;sid:83923911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.150.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060810/; classtype:trojan-activity;sid:83923910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060809/; classtype:trojan-activity;sid:83923909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.176.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060807/; classtype:trojan-activity;sid:83923907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060808/; classtype:trojan-activity;sid:83923908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.200.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060806/; classtype:trojan-activity;sid:83923906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060805/; classtype:trojan-activity;sid:83923905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.36.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060803/; classtype:trojan-activity;sid:83923903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060804/; classtype:trojan-activity;sid:83923904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060802/; classtype:trojan-activity;sid:83923902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060801/; classtype:trojan-activity;sid:83923901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.60.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060800/; classtype:trojan-activity;sid:83923900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.57.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060797/; classtype:trojan-activity;sid:83923897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.201.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060798/; classtype:trojan-activity;sid:83923898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.43.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060799/; classtype:trojan-activity;sid:83923899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.210.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060796/; classtype:trojan-activity;sid:83923896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.94.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060795/; classtype:trojan-activity;sid:83923895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060794/; classtype:trojan-activity;sid:83923894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060793/; classtype:trojan-activity;sid:83923893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060792/; classtype:trojan-activity;sid:83923892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.149.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060791/; classtype:trojan-activity;sid:83923891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060790/; classtype:trojan-activity;sid:83923890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060788/; classtype:trojan-activity;sid:83923888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.84.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060789/; classtype:trojan-activity;sid:83923889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.6.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060787/; classtype:trojan-activity;sid:83923887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.93.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060786/; classtype:trojan-activity;sid:83923886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.218.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060785/; classtype:trojan-activity;sid:83923885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.68.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060784/; classtype:trojan-activity;sid:83923884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.11.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060783/; classtype:trojan-activity;sid:83923883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.55.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060782/; classtype:trojan-activity;sid:83923882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.88.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060780/; classtype:trojan-activity;sid:83923880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.89.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060781/; classtype:trojan-activity;sid:83923881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.127.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060779/; classtype:trojan-activity;sid:83923879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060778/; classtype:trojan-activity;sid:83923878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.247.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060777/; classtype:trojan-activity;sid:83923877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.22.110.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060776/; classtype:trojan-activity;sid:83923876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.66.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060775/; classtype:trojan-activity;sid:83923875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.34.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060774/; classtype:trojan-activity;sid:83923874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.242.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060773/; classtype:trojan-activity;sid:83923873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060772/; classtype:trojan-activity;sid:83923872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.246.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060771/; classtype:trojan-activity;sid:83923871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.82.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060770/; classtype:trojan-activity;sid:83923870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.242.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060769/; classtype:trojan-activity;sid:83923869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060768/; classtype:trojan-activity;sid:83923868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060767/; classtype:trojan-activity;sid:83923867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060766/; classtype:trojan-activity;sid:83923866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.94.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060764/; classtype:trojan-activity;sid:83923864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.206.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060765/; classtype:trojan-activity;sid:83923865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060763/; classtype:trojan-activity;sid:83923863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.5.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060762/; classtype:trojan-activity;sid:83923862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.254.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060761/; classtype:trojan-activity;sid:83923861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.11.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060760/; classtype:trojan-activity;sid:83923860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.189.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060759/; classtype:trojan-activity;sid:83923859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.149.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060758/; classtype:trojan-activity;sid:83923858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060757/; classtype:trojan-activity;sid:83923857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.156.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060756/; classtype:trojan-activity;sid:83923856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.93.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060754/; classtype:trojan-activity;sid:83923854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.18.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060755/; classtype:trojan-activity;sid:83923855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.57.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060753/; classtype:trojan-activity;sid:83923853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.88.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060752/; classtype:trojan-activity;sid:83923852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.186.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060751/; classtype:trojan-activity;sid:83923851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.102.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060750/; classtype:trojan-activity;sid:83923850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.242.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060749/; classtype:trojan-activity;sid:83923849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060747/; classtype:trojan-activity;sid:83923847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.223.143.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060748/; classtype:trojan-activity;sid:83923848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.223.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060746/; classtype:trojan-activity;sid:83923846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060745/; classtype:trojan-activity;sid:83923845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.243.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060744/; classtype:trojan-activity;sid:83923844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.238.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060743/; classtype:trojan-activity;sid:83923843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.209.113.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060741/; classtype:trojan-activity;sid:83923841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.105.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060742/; classtype:trojan-activity;sid:83923842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060740/; classtype:trojan-activity;sid:83923840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060739/; classtype:trojan-activity;sid:83923839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060738/; classtype:trojan-activity;sid:83923838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.134.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060737/; classtype:trojan-activity;sid:83923837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060736/; classtype:trojan-activity;sid:83923836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.102.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060735/; classtype:trojan-activity;sid:83923835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.186.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060734/; classtype:trojan-activity;sid:83923834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060733/; classtype:trojan-activity;sid:83923833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.156.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060732/; classtype:trojan-activity;sid:83923832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.223.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060731/; classtype:trojan-activity;sid:83923831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.88.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060730/; classtype:trojan-activity;sid:83923830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060729/; classtype:trojan-activity;sid:83923829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.171.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060728/; classtype:trojan-activity;sid:83923828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.171.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060726/; classtype:trojan-activity;sid:83923826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060727/; classtype:trojan-activity;sid:83923827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060725/; classtype:trojan-activity;sid:83923825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.206.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060724/; classtype:trojan-activity;sid:83923824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.80.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060723/; classtype:trojan-activity;sid:83923823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.6.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060722/; classtype:trojan-activity;sid:83923822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.80.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060721/; classtype:trojan-activity;sid:83923821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.243.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060720/; classtype:trojan-activity;sid:83923820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.253.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060719/; classtype:trojan-activity;sid:83923819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060718/; classtype:trojan-activity;sid:83923818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.222.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060717/; classtype:trojan-activity;sid:83923817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.118.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060716/; classtype:trojan-activity;sid:83923816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060715/; classtype:trojan-activity;sid:83923815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060714/; classtype:trojan-activity;sid:83923814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060713/; classtype:trojan-activity;sid:83923813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.113.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060712/; classtype:trojan-activity;sid:83923812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.134.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060711/; classtype:trojan-activity;sid:83923811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060710/; classtype:trojan-activity;sid:83923810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.15.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060708/; classtype:trojan-activity;sid:83923808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.18.209.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060709/; classtype:trojan-activity;sid:83923809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.88.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060707/; classtype:trojan-activity;sid:83923807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.206.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060706/; classtype:trojan-activity;sid:83923806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.18.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060705/; classtype:trojan-activity;sid:83923805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060704/; classtype:trojan-activity;sid:83923804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.248.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060703/; classtype:trojan-activity;sid:83923803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060702/; classtype:trojan-activity;sid:83923802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.211.10.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060701/; classtype:trojan-activity;sid:83923801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.180.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060700/; classtype:trojan-activity;sid:83923800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060699/; classtype:trojan-activity;sid:83923799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.38.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060698/; classtype:trojan-activity;sid:83923798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.208.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060696/; classtype:trojan-activity;sid:83923796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.6.17"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060697/; classtype:trojan-activity;sid:83923797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.56.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060695/; classtype:trojan-activity;sid:83923795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060694/; classtype:trojan-activity;sid:83923794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.122.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060693/; classtype:trojan-activity;sid:83923793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.152.49.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060692/; classtype:trojan-activity;sid:83923792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.62.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060691/; classtype:trojan-activity;sid:83923791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.139.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060689/; classtype:trojan-activity;sid:83923789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.113.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060690/; classtype:trojan-activity;sid:83923790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060688/; classtype:trojan-activity;sid:83923788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.156.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060687/; classtype:trojan-activity;sid:83923787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.18.209.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060686/; classtype:trojan-activity;sid:83923786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.253.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060685/; classtype:trojan-activity;sid:83923785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060684/; classtype:trojan-activity;sid:83923784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.8.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060683/; classtype:trojan-activity;sid:83923783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.15.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060681/; classtype:trojan-activity;sid:83923781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.38.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060682/; classtype:trojan-activity;sid:83923782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.153.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060680/; classtype:trojan-activity;sid:83923780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060679/; classtype:trojan-activity;sid:83923779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.34.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060678/; classtype:trojan-activity;sid:83923778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.24.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060677/; classtype:trojan-activity;sid:83923777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.71.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060675/; classtype:trojan-activity;sid:83923775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.32.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060676/; classtype:trojan-activity;sid:83923776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.153.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060674/; classtype:trojan-activity;sid:83923774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060673/; classtype:trojan-activity;sid:83923773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.174.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060671/; classtype:trojan-activity;sid:83923771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.113.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060672/; classtype:trojan-activity;sid:83923772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.196.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060670/; classtype:trojan-activity;sid:83923770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.248.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060669/; classtype:trojan-activity;sid:83923769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.242.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060666/; classtype:trojan-activity;sid:83923766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.107.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060667/; classtype:trojan-activity;sid:83923767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.156.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060668/; classtype:trojan-activity;sid:83923768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.113.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060665/; classtype:trojan-activity;sid:83923765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.247.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060664/; classtype:trojan-activity;sid:83923764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060663/; classtype:trojan-activity;sid:83923763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060662/; classtype:trojan-activity;sid:83923762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.139.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060661/; classtype:trojan-activity;sid:83923761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.97.7.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060660/; classtype:trojan-activity;sid:83923760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.215.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060659/; classtype:trojan-activity;sid:83923759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.62.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060658/; classtype:trojan-activity;sid:83923758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.73.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060657/; classtype:trojan-activity;sid:83923757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.82.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060656/; classtype:trojan-activity;sid:83923756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.130.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060655/; classtype:trojan-activity;sid:83923755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.156.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060654/; classtype:trojan-activity;sid:83923754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060653/; classtype:trojan-activity;sid:83923753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060652/; classtype:trojan-activity;sid:83923752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060651/; classtype:trojan-activity;sid:83923751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.89.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060650/; classtype:trojan-activity;sid:83923750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060649/; classtype:trojan-activity;sid:83923749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.30.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060648/; classtype:trojan-activity;sid:83923748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.67.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060647/; classtype:trojan-activity;sid:83923747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.153.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060646/; classtype:trojan-activity;sid:83923746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060645/; classtype:trojan-activity;sid:83923745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060644/; classtype:trojan-activity;sid:83923744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.201.139.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060643/; classtype:trojan-activity;sid:83923743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060641/; classtype:trojan-activity;sid:83923741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.174.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060642/; classtype:trojan-activity;sid:83923742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.67.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060640/; classtype:trojan-activity;sid:83923740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060638/; classtype:trojan-activity;sid:83923738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.61.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060639/; classtype:trojan-activity;sid:83923739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060637/; classtype:trojan-activity;sid:83923737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060636/; classtype:trojan-activity;sid:83923736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060634/; classtype:trojan-activity;sid:83923734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.167.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060635/; classtype:trojan-activity;sid:83923735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.126.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060633/; classtype:trojan-activity;sid:83923733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.88.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060632/; classtype:trojan-activity;sid:83923732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060631/; classtype:trojan-activity;sid:83923731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.107.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060629/; classtype:trojan-activity;sid:83923729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.60.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060630/; classtype:trojan-activity;sid:83923730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.73.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060628/; classtype:trojan-activity;sid:83923728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.57.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060627/; classtype:trojan-activity;sid:83923727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060626/; classtype:trojan-activity;sid:83923726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.218.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060624/; classtype:trojan-activity;sid:83923724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.36.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060625/; classtype:trojan-activity;sid:83923725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.130.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060623/; classtype:trojan-activity;sid:83923723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060622/; classtype:trojan-activity;sid:83923722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060621/; classtype:trojan-activity;sid:83923721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.236.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060620/; classtype:trojan-activity;sid:83923720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060619/; classtype:trojan-activity;sid:83923719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060618/; classtype:trojan-activity;sid:83923718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.36.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060617/; classtype:trojan-activity;sid:83923717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.1.247"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060616/; classtype:trojan-activity;sid:83923716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.160.34.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060615/; classtype:trojan-activity;sid:83923715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060614)"; flow:established,from_client; content:"GET"; http_method; content:"/evan9908/setup1/main/file200h.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060614/; classtype:trojan-activity;sid:83923714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060612/; classtype:trojan-activity;sid:83923712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.67.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060613/; classtype:trojan-activity;sid:83923713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.250.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060610/; classtype:trojan-activity;sid:83923710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.127.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060611/; classtype:trojan-activity;sid:83923711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060609/; classtype:trojan-activity;sid:83923709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060607/; classtype:trojan-activity;sid:83923707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.212.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060608/; classtype:trojan-activity;sid:83923708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060606/; classtype:trojan-activity;sid:83923706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060605/; classtype:trojan-activity;sid:83923705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.61.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060604/; classtype:trojan-activity;sid:83923704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.232.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060603/; classtype:trojan-activity;sid:83923703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060602/; classtype:trojan-activity;sid:83923702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.98.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060601/; classtype:trojan-activity;sid:83923701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060600/; classtype:trojan-activity;sid:83923700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.88.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060599/; classtype:trojan-activity;sid:83923699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.79.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060598/; classtype:trojan-activity;sid:83923698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.53.105.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060597/; classtype:trojan-activity;sid:83923697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.167.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060596/; classtype:trojan-activity;sid:83923696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.146.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060595/; classtype:trojan-activity;sid:83923695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.36.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060594/; classtype:trojan-activity;sid:83923694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.88.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060592/; classtype:trojan-activity;sid:83923692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.57.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060593/; classtype:trojan-activity;sid:83923693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.91.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060591/; classtype:trojan-activity;sid:83923691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.197.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060590/; classtype:trojan-activity;sid:83923690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.218.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060587/; classtype:trojan-activity;sid:83923687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.236.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060588/; classtype:trojan-activity;sid:83923688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.206.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060589/; classtype:trojan-activity;sid:83923689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060586/; classtype:trojan-activity;sid:83923686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.126.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060585/; classtype:trojan-activity;sid:83923685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.2.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060584/; classtype:trojan-activity;sid:83923684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060583/; classtype:trojan-activity;sid:83923683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.239.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060582/; classtype:trojan-activity;sid:83923682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.1.247"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060581/; classtype:trojan-activity;sid:83923681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.79.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060580/; classtype:trojan-activity;sid:83923680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.237.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060578/; classtype:trojan-activity;sid:83923678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060579/; classtype:trojan-activity;sid:83923679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.23.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060577/; classtype:trojan-activity;sid:83923677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.34.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060576/; classtype:trojan-activity;sid:83923676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060575/; classtype:trojan-activity;sid:83923675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060574/; classtype:trojan-activity;sid:83923674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.127.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060573/; classtype:trojan-activity;sid:83923673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.125.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060572/; classtype:trojan-activity;sid:83923672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.220.163.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060571/; classtype:trojan-activity;sid:83923671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.146.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060570/; classtype:trojan-activity;sid:83923670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.152.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060569/; classtype:trojan-activity;sid:83923669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.187.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060568/; classtype:trojan-activity;sid:83923668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060567/; classtype:trojan-activity;sid:83923667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.98.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060566/; classtype:trojan-activity;sid:83923666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.232.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060565/; classtype:trojan-activity;sid:83923665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.4.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060564/; classtype:trojan-activity;sid:83923664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060563/; classtype:trojan-activity;sid:83923663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.105.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060562/; classtype:trojan-activity;sid:83923662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.253.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060561/; classtype:trojan-activity;sid:83923661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.21.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060560/; classtype:trojan-activity;sid:83923660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060559/; classtype:trojan-activity;sid:83923659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.239.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060558/; classtype:trojan-activity;sid:83923658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.213.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060557/; classtype:trojan-activity;sid:83923657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.94.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060556/; classtype:trojan-activity;sid:83923656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.209.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060555/; classtype:trojan-activity;sid:83923655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.118.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060554/; classtype:trojan-activity;sid:83923654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.44.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060553/; classtype:trojan-activity;sid:83923653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.190.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060551/; classtype:trojan-activity;sid:83923651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.2.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060552/; classtype:trojan-activity;sid:83923652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.218.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060548/; classtype:trojan-activity;sid:83923648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060549/; classtype:trojan-activity;sid:83923649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.186.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060550/; classtype:trojan-activity;sid:83923650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.31.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060547/; classtype:trojan-activity;sid:83923647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.32.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060546/; classtype:trojan-activity;sid:83923646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060545/; classtype:trojan-activity;sid:83923645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.206.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060544/; classtype:trojan-activity;sid:83923644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.182.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060543/; classtype:trojan-activity;sid:83923643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060542/; classtype:trojan-activity;sid:83923642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.81.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060532/; classtype:trojan-activity;sid:83923632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060527/; classtype:trojan-activity;sid:83923627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060528/; classtype:trojan-activity;sid:83923628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060529/; classtype:trojan-activity;sid:83923629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060530/; classtype:trojan-activity;sid:83923630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060531/; classtype:trojan-activity;sid:83923631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060523/; classtype:trojan-activity;sid:83923623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060524/; classtype:trojan-activity;sid:83923624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060525/; classtype:trojan-activity;sid:83923625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060526/; classtype:trojan-activity;sid:83923626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060519/; classtype:trojan-activity;sid:83923619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060520/; classtype:trojan-activity;sid:83923620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060521/; classtype:trojan-activity;sid:83923621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060522/; classtype:trojan-activity;sid:83923622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060518/; classtype:trojan-activity;sid:83923618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060517/; classtype:trojan-activity;sid:83923617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060513/; classtype:trojan-activity;sid:83923613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.11.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060514/; classtype:trojan-activity;sid:83923614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060515/; classtype:trojan-activity;sid:83923615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060516/; classtype:trojan-activity;sid:83923616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mimikatz-tech.stevenyu1132284389.workers.dev"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060512/; classtype:trojan-activity;sid:83923612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.171.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060511/; classtype:trojan-activity;sid:83923611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mimikatz.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060510/; classtype:trojan-activity;sid:83923610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mimikatz.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060502/; classtype:trojan-activity;sid:83923602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mimikatz.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060503/; classtype:trojan-activity;sid:83923603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mimikatz.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060504/; classtype:trojan-activity;sid:83923604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mimikatz.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060505/; classtype:trojan-activity;sid:83923605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mimikatz.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060506/; classtype:trojan-activity;sid:83923606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mimikatz.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060507/; classtype:trojan-activity;sid:83923607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mimikatz.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060508/; classtype:trojan-activity;sid:83923608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mimikatz.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060509/; classtype:trojan-activity;sid:83923609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.23.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060501/; classtype:trojan-activity;sid:83923601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060500/; classtype:trojan-activity;sid:83923600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.158.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060499/; classtype:trojan-activity;sid:83923599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.127.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060498/; classtype:trojan-activity;sid:83923598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.128.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060497/; classtype:trojan-activity;sid:83923597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060496/; classtype:trojan-activity;sid:83923596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.190.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060494/; classtype:trojan-activity;sid:83923594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060495/; classtype:trojan-activity;sid:83923595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.84.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060493/; classtype:trojan-activity;sid:83923593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.74.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060492/; classtype:trojan-activity;sid:83923592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.4.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060491/; classtype:trojan-activity;sid:83923591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.189.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060490/; classtype:trojan-activity;sid:83923590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.43.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060489/; classtype:trojan-activity;sid:83923589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.104.183.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060488/; classtype:trojan-activity;sid:83923588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060487/; classtype:trojan-activity;sid:83923587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.21.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060486/; classtype:trojan-activity;sid:83923586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060485/; classtype:trojan-activity;sid:83923585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.94.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060484/; classtype:trojan-activity;sid:83923584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.63.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060483/; classtype:trojan-activity;sid:83923583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060481/; classtype:trojan-activity;sid:83923581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.191.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060482/; classtype:trojan-activity;sid:83923582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.177.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060480/; classtype:trojan-activity;sid:83923580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060479/; classtype:trojan-activity;sid:83923579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060478/; classtype:trojan-activity;sid:83923578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.53.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060477/; classtype:trojan-activity;sid:83923577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.53.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060476/; classtype:trojan-activity;sid:83923576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.18.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060474/; classtype:trojan-activity;sid:83923574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.27.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060475/; classtype:trojan-activity;sid:83923575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.31.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060473/; classtype:trojan-activity;sid:83923573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060472)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060472/; classtype:trojan-activity;sid:83923572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.245.158.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060471/; classtype:trojan-activity;sid:83923571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060470/; classtype:trojan-activity;sid:83923570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060467/; classtype:trojan-activity;sid:83923567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060468/; classtype:trojan-activity;sid:83923568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.132.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060469/; classtype:trojan-activity;sid:83923569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.84.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060466/; classtype:trojan-activity;sid:83923566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.220.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060465/; classtype:trojan-activity;sid:83923565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.128.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060464/; classtype:trojan-activity;sid:83923564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060463/; classtype:trojan-activity;sid:83923563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.190.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060462/; classtype:trojan-activity;sid:83923562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.184.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060461/; classtype:trojan-activity;sid:83923561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.178.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060460/; classtype:trojan-activity;sid:83923560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060459/; classtype:trojan-activity;sid:83923559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.43.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060458/; classtype:trojan-activity;sid:83923558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.189.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060457/; classtype:trojan-activity;sid:83923557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.173.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060455/; classtype:trojan-activity;sid:83923555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.63.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060456/; classtype:trojan-activity;sid:83923556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.177.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060454/; classtype:trojan-activity;sid:83923554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.106.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060453/; classtype:trojan-activity;sid:83923553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.76.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060452/; classtype:trojan-activity;sid:83923552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.95.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060451/; classtype:trojan-activity;sid:83923551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.27.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060450/; classtype:trojan-activity;sid:83923550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.138.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060448/; classtype:trojan-activity;sid:83923548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.223.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060449/; classtype:trojan-activity;sid:83923549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.57.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060447/; classtype:trojan-activity;sid:83923547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.30.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060446/; classtype:trojan-activity;sid:83923546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060445/; classtype:trojan-activity;sid:83923545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.228.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060444/; classtype:trojan-activity;sid:83923544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060441/; classtype:trojan-activity;sid:83923541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060442/; classtype:trojan-activity;sid:83923542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.95.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060443/; classtype:trojan-activity;sid:83923543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060440/; classtype:trojan-activity;sid:83923540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.90.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060439/; classtype:trojan-activity;sid:83923539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.165.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060438/; classtype:trojan-activity;sid:83923538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.60.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060437/; classtype:trojan-activity;sid:83923537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.12.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060436/; classtype:trojan-activity;sid:83923536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.253.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060435/; classtype:trojan-activity;sid:83923535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.6.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060434/; classtype:trojan-activity;sid:83923534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060433/; classtype:trojan-activity;sid:83923533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.29.133"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060432/; classtype:trojan-activity;sid:83923532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.53.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060431/; classtype:trojan-activity;sid:83923531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.88.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060430/; classtype:trojan-activity;sid:83923530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.253.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060429/; classtype:trojan-activity;sid:83923529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.115.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060428/; classtype:trojan-activity;sid:83923528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.25.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060427/; classtype:trojan-activity;sid:83923527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.252.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060423/; classtype:trojan-activity;sid:83923523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060424/; classtype:trojan-activity;sid:83923524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060425/; classtype:trojan-activity;sid:83923525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060426/; classtype:trojan-activity;sid:83923526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.237.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060422/; classtype:trojan-activity;sid:83923522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.88.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060421/; classtype:trojan-activity;sid:83923521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060420/; classtype:trojan-activity;sid:83923520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.11.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060419/; classtype:trojan-activity;sid:83923519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.211.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060418/; classtype:trojan-activity;sid:83923518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.1.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060417/; classtype:trojan-activity;sid:83923517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.96.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060414/; classtype:trojan-activity;sid:83923514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060415/; classtype:trojan-activity;sid:83923515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.86.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060416/; classtype:trojan-activity;sid:83923516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.176.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060413/; classtype:trojan-activity;sid:83923513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.173.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060410/; classtype:trojan-activity;sid:83923510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.213.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060411/; classtype:trojan-activity;sid:83923511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.184.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060412/; classtype:trojan-activity;sid:83923512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060409)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6etw70krbjunvsme7jlxtce5hzmycj6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060409/; classtype:trojan-activity;sid:83923509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.96.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060407/; classtype:trojan-activity;sid:83923507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.95.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060408/; classtype:trojan-activity;sid:83923508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.138.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060406/; classtype:trojan-activity;sid:83923506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.44.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060405/; classtype:trojan-activity;sid:83923505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.24.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060404/; classtype:trojan-activity;sid:83923504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060403/; classtype:trojan-activity;sid:83923503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060402/; classtype:trojan-activity;sid:83923502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.57.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060401/; classtype:trojan-activity;sid:83923501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.39.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060400/; classtype:trojan-activity;sid:83923500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060399/; classtype:trojan-activity;sid:83923499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060398/; classtype:trojan-activity;sid:83923498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060388)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060388/; classtype:trojan-activity;sid:83923488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060389)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060389/; classtype:trojan-activity;sid:83923489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060390)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060390/; classtype:trojan-activity;sid:83923490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060391)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060391/; classtype:trojan-activity;sid:83923491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060392)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060392/; classtype:trojan-activity;sid:83923492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060393)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.m86k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060393/; classtype:trojan-activity;sid:83923493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060394)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060394/; classtype:trojan-activity;sid:83923494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060395)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060395/; classtype:trojan-activity;sid:83923495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060396)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060396/; classtype:trojan-activity;sid:83923496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.109.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060397/; classtype:trojan-activity;sid:83923497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.72.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060385/; classtype:trojan-activity;sid:83923485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060386)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060386/; classtype:trojan-activity;sid:83923486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060387)"; flow:established,from_client; content:"GET"; http_method; content:"/xworm.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.197.69.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060387/; classtype:trojan-activity;sid:83923487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060382)"; flow:established,from_client; content:"GET"; http_method; content:"/akame.armn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060382/; classtype:trojan-activity;sid:83923482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060383)"; flow:established,from_client; content:"GET"; http_method; content:"/download.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.197.69.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060383/; classtype:trojan-activity;sid:83923483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060384)"; flow:established,from_client; content:"GET"; http_method; content:"/xworm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.197.69.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060384/; classtype:trojan-activity;sid:83923484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060381/; classtype:trojan-activity;sid:83923481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060380/; classtype:trojan-activity;sid:83923480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.251.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060379/; classtype:trojan-activity;sid:83923479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060378/; classtype:trojan-activity;sid:83923478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.52.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060377/; classtype:trojan-activity;sid:83923477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.194.106.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060376/; classtype:trojan-activity;sid:83923476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.199.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060375/; classtype:trojan-activity;sid:83923475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060374/; classtype:trojan-activity;sid:83923474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.37.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060373/; classtype:trojan-activity;sid:83923473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.90.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060372/; classtype:trojan-activity;sid:83923472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060371)"; flow:established,from_client; content:"GET"; http_method; content:"/evan9908/setup1/main/set-up.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060371/; classtype:trojan-activity;sid:83923471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.88.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060370/; classtype:trojan-activity;sid:83923470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.43.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060369/; classtype:trojan-activity;sid:83923469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.140.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060368/; classtype:trojan-activity;sid:83923468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.221.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060367/; classtype:trojan-activity;sid:83923467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.44.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060366/; classtype:trojan-activity;sid:83923466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.45.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060365/; classtype:trojan-activity;sid:83923465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060364/; classtype:trojan-activity;sid:83923464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060363/; classtype:trojan-activity;sid:83923463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.145.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060362/; classtype:trojan-activity;sid:83923462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.219.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060361/; classtype:trojan-activity;sid:83923461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.43.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060358/; classtype:trojan-activity;sid:83923458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060359/; classtype:trojan-activity;sid:83923459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.4.18.220"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060360/; classtype:trojan-activity;sid:83923460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.160.164.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060357/; classtype:trojan-activity;sid:83923457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060356/; classtype:trojan-activity;sid:83923456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.86.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060355/; classtype:trojan-activity;sid:83923455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060354/; classtype:trojan-activity;sid:83923454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.251.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060353/; classtype:trojan-activity;sid:83923453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.72.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060352/; classtype:trojan-activity;sid:83923452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.4.128"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060351/; classtype:trojan-activity;sid:83923451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.14.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060350/; classtype:trojan-activity;sid:83923450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.31.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060349/; classtype:trojan-activity;sid:83923449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.142.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060348/; classtype:trojan-activity;sid:83923448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.96.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060347/; classtype:trojan-activity;sid:83923447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.184.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060346/; classtype:trojan-activity;sid:83923446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.25.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060345/; classtype:trojan-activity;sid:83923445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060344/; classtype:trojan-activity;sid:83923444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.91.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060343/; classtype:trojan-activity;sid:83923443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060341/; classtype:trojan-activity;sid:83923441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060342/; classtype:trojan-activity;sid:83923442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060338/; classtype:trojan-activity;sid:83923438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060339/; classtype:trojan-activity;sid:83923439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.159.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060340/; classtype:trojan-activity;sid:83923440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.161.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060337/; classtype:trojan-activity;sid:83923437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.85.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060336/; classtype:trojan-activity;sid:83923436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060335/; classtype:trojan-activity;sid:83923435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.251.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060334/; classtype:trojan-activity;sid:83923434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.98.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060333/; classtype:trojan-activity;sid:83923433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060332/; classtype:trojan-activity;sid:83923432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.96.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060331/; classtype:trojan-activity;sid:83923431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060330/; classtype:trojan-activity;sid:83923430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.227.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060329/; classtype:trojan-activity;sid:83923429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.5.20.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060328/; classtype:trojan-activity;sid:83923428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.98.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060327/; classtype:trojan-activity;sid:83923427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.140.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060326/; classtype:trojan-activity;sid:83923426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.45.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060325/; classtype:trojan-activity;sid:83923425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.123.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060324/; classtype:trojan-activity;sid:83923424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.3.27.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060323/; classtype:trojan-activity;sid:83923423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.132.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060322/; classtype:trojan-activity;sid:83923422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.219.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060321/; classtype:trojan-activity;sid:83923421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.255.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060320/; classtype:trojan-activity;sid:83923420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.251.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060319/; classtype:trojan-activity;sid:83923419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.24.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060317/; classtype:trojan-activity;sid:83923417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.145.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060318/; classtype:trojan-activity;sid:83923418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060314/; classtype:trojan-activity;sid:83923414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060315/; classtype:trojan-activity;sid:83923415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.52.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060316/; classtype:trojan-activity;sid:83923416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060313/; classtype:trojan-activity;sid:83923413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.4.128"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060312/; classtype:trojan-activity;sid:83923412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.39.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060311/; classtype:trojan-activity;sid:83923411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.159.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060310/; classtype:trojan-activity;sid:83923410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060308/; classtype:trojan-activity;sid:83923408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.121.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060309/; classtype:trojan-activity;sid:83923409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.220.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060307/; classtype:trojan-activity;sid:83923407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.167.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060306/; classtype:trojan-activity;sid:83923406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.52.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060305/; classtype:trojan-activity;sid:83923405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060304/; classtype:trojan-activity;sid:83923404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.98.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060303/; classtype:trojan-activity;sid:83923403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.252.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060302/; classtype:trojan-activity;sid:83923402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060301/; classtype:trojan-activity;sid:83923401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.41.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060300/; classtype:trojan-activity;sid:83923400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.221.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060298/; classtype:trojan-activity;sid:83923398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.75.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060299/; classtype:trojan-activity;sid:83923399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.203.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060297/; classtype:trojan-activity;sid:83923397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.178.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060295/; classtype:trojan-activity;sid:83923395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.200.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060296/; classtype:trojan-activity;sid:83923396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060293/; classtype:trojan-activity;sid:83923393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060294/; classtype:trojan-activity;sid:83923394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.80.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060291/; classtype:trojan-activity;sid:83923391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.158.157.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060292/; classtype:trojan-activity;sid:83923392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060290/; classtype:trojan-activity;sid:83923390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060289/; classtype:trojan-activity;sid:83923389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060288/; classtype:trojan-activity;sid:83923388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.3.27.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060287/; classtype:trojan-activity;sid:83923387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060286/; classtype:trojan-activity;sid:83923386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.137.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060285/; classtype:trojan-activity;sid:83923385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060284/; classtype:trojan-activity;sid:83923384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060283/; classtype:trojan-activity;sid:83923383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060282/; classtype:trojan-activity;sid:83923382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060281/; classtype:trojan-activity;sid:83923381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.129.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060280/; classtype:trojan-activity;sid:83923380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060279/; classtype:trojan-activity;sid:83923379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060277/; classtype:trojan-activity;sid:83923377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.221.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060278/; classtype:trojan-activity;sid:83923378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.210.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060276/; classtype:trojan-activity;sid:83923376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.95.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060275/; classtype:trojan-activity;sid:83923375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.185.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060274/; classtype:trojan-activity;sid:83923374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.56.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060273/; classtype:trojan-activity;sid:83923373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.56.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060272/; classtype:trojan-activity;sid:83923372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.108.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060271/; classtype:trojan-activity;sid:83923371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.218.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060270/; classtype:trojan-activity;sid:83923370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.121.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060269/; classtype:trojan-activity;sid:83923369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060268/; classtype:trojan-activity;sid:83923368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.219.142.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060267/; classtype:trojan-activity;sid:83923367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060266/; classtype:trojan-activity;sid:83923366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.245.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060265/; classtype:trojan-activity;sid:83923365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.244.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060264/; classtype:trojan-activity;sid:83923364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.255.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060262/; classtype:trojan-activity;sid:83923362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060263/; classtype:trojan-activity;sid:83923363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.158.157.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060261/; classtype:trojan-activity;sid:83923361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.94.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060260/; classtype:trojan-activity;sid:83923360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060258/; classtype:trojan-activity;sid:83923358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.176.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060259/; classtype:trojan-activity;sid:83923359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.217.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060257/; classtype:trojan-activity;sid:83923357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.136.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060256/; classtype:trojan-activity;sid:83923356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060255/; classtype:trojan-activity;sid:83923355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.61.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060254/; classtype:trojan-activity;sid:83923354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060253/; classtype:trojan-activity;sid:83923353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.161.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060252/; classtype:trojan-activity;sid:83923352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060250/; classtype:trojan-activity;sid:83923350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060251/; classtype:trojan-activity;sid:83923351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.107.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060249/; classtype:trojan-activity;sid:83923349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060248/; classtype:trojan-activity;sid:83923348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.221.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060247/; classtype:trojan-activity;sid:83923347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.178.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060245/; classtype:trojan-activity;sid:83923345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.56.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060246/; classtype:trojan-activity;sid:83923346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.62.124.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060244/; classtype:trojan-activity;sid:83923344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060242/; classtype:trojan-activity;sid:83923342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060243/; classtype:trojan-activity;sid:83923343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.59.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060241/; classtype:trojan-activity;sid:83923341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.159.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060240/; classtype:trojan-activity;sid:83923340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.137.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060239/; classtype:trojan-activity;sid:83923339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060238/; classtype:trojan-activity;sid:83923338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.89.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060237/; classtype:trojan-activity;sid:83923337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060236/; classtype:trojan-activity;sid:83923336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.253.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060235/; classtype:trojan-activity;sid:83923335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.172.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060233/; classtype:trojan-activity;sid:83923333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.108.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060234/; classtype:trojan-activity;sid:83923334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060231/; classtype:trojan-activity;sid:83923331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.233.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060232/; classtype:trojan-activity;sid:83923332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060230/; classtype:trojan-activity;sid:83923330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.78.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060229/; classtype:trojan-activity;sid:83923329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060227)"; flow:established,from_client; content:"GET"; http_method; content:"/lawhpva115.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.93.222.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060227/; classtype:trojan-activity;sid:83923327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060228)"; flow:established,from_client; content:"GET"; http_method; content:"/lltjwqmuffk36.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"172.93.222.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060228/; classtype:trojan-activity;sid:83923328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060225/; classtype:trojan-activity;sid:83923325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.118.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060226/; classtype:trojan-activity;sid:83923326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.94.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060224/; classtype:trojan-activity;sid:83923324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.247.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060223/; classtype:trojan-activity;sid:83923323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060222)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/deepweb.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060222/; classtype:trojan-activity;sid:83923322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060218)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.189.181.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060218/; classtype:trojan-activity;sid:83923318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060219)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/client-built.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060219/; classtype:trojan-activity;sid:83923319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.95.169.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060220/; classtype:trojan-activity;sid:83923320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060221)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.fourloko"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"66.55.76.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060221/; classtype:trojan-activity;sid:83923321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060210)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.83.207.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060210/; classtype:trojan-activity;sid:83923310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060211)"; flow:established,from_client; content:"GET"; http_method; content:"/botkiller.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.83.207.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060211/; classtype:trojan-activity;sid:83923311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060212)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/file.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060212/; classtype:trojan-activity;sid:83923312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060213/; classtype:trojan-activity;sid:83923313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060214)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.23.108.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060214/; classtype:trojan-activity;sid:83923314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060215/; classtype:trojan-activity;sid:83923315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060216)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.23.108.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060216/; classtype:trojan-activity;sid:83923316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060217)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv6l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.23.108.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060217/; classtype:trojan-activity;sid:83923317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.250.234.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060207/; classtype:trojan-activity;sid:83923307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060208)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1244787082367336591/1263488753826136187/setup.msi|3f|ex=669d0e19|7c|26|7c|is=669bbc99|7c|26|7c|hm=c5d5b588cb0fd39e3b6beaa8ed93f795db1e7975a0e9a8f781c9eee9cfedd7b5"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060208/; classtype:trojan-activity;sid:83923308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060209)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.23.108.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060209/; classtype:trojan-activity;sid:83923309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060195)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060195/; classtype:trojan-activity;sid:83923295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060196)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060196/; classtype:trojan-activity;sid:83923296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060197)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060197/; classtype:trojan-activity;sid:83923297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060198)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060198/; classtype:trojan-activity;sid:83923298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060199)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060199/; classtype:trojan-activity;sid:83923299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060200/; classtype:trojan-activity;sid:83923300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060201)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060201/; classtype:trojan-activity;sid:83923301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060202)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060202/; classtype:trojan-activity;sid:83923302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060203)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060203/; classtype:trojan-activity;sid:83923303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060204)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060204/; classtype:trojan-activity;sid:83923304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060205)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060205/; classtype:trojan-activity;sid:83923305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060206)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060206/; classtype:trojan-activity;sid:83923306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060194/; classtype:trojan-activity;sid:83923294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060193)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/server/wf34g534ve3.rar"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"birthingamerica.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060193/; classtype:trojan-activity;sid:83923293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.170.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060192/; classtype:trojan-activity;sid:83923292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.61.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060191/; classtype:trojan-activity;sid:83923291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060190/; classtype:trojan-activity;sid:83923290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.94.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060189/; classtype:trojan-activity;sid:83923289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.85.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060188/; classtype:trojan-activity;sid:83923288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.161.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060185/; classtype:trojan-activity;sid:83923285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.77.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060186/; classtype:trojan-activity;sid:83923286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.91.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060187/; classtype:trojan-activity;sid:83923287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060184/; classtype:trojan-activity;sid:83923284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.32.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060183/; classtype:trojan-activity;sid:83923283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.209.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060182/; classtype:trojan-activity;sid:83923282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.35.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060180/; classtype:trojan-activity;sid:83923280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060181/; classtype:trojan-activity;sid:83923281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.21.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060179/; classtype:trojan-activity;sid:83923279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.19.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060178/; classtype:trojan-activity;sid:83923278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.75.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060177/; classtype:trojan-activity;sid:83923277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.40.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060176/; classtype:trojan-activity;sid:83923276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060175/; classtype:trojan-activity;sid:83923275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.219.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060172/; classtype:trojan-activity;sid:83923272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060173/; classtype:trojan-activity;sid:83923273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.162.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060174/; classtype:trojan-activity;sid:83923274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060171/; classtype:trojan-activity;sid:83923271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.10.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060170/; classtype:trojan-activity;sid:83923270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.118.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060169/; classtype:trojan-activity;sid:83923269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.176.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060168/; classtype:trojan-activity;sid:83923268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.152.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060166/; classtype:trojan-activity;sid:83923266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.80.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060167/; classtype:trojan-activity;sid:83923267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.118.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060165/; classtype:trojan-activity;sid:83923265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060164/; classtype:trojan-activity;sid:83923264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060163/; classtype:trojan-activity;sid:83923263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.40.151"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060162/; classtype:trojan-activity;sid:83923262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.19.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060161/; classtype:trojan-activity;sid:83923261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060159/; classtype:trojan-activity;sid:83923259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060160/; classtype:trojan-activity;sid:83923260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.222.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060158/; classtype:trojan-activity;sid:83923258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.66.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060157/; classtype:trojan-activity;sid:83923257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.152.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060156/; classtype:trojan-activity;sid:83923256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.85.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060155/; classtype:trojan-activity;sid:83923255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.152.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060154/; classtype:trojan-activity;sid:83923254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.38.0.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060151/; classtype:trojan-activity;sid:83923251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.198.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060152/; classtype:trojan-activity;sid:83923252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.224.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060153/; classtype:trojan-activity;sid:83923253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060148/; classtype:trojan-activity;sid:83923248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.120.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060149/; classtype:trojan-activity;sid:83923249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.244.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060150/; classtype:trojan-activity;sid:83923250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060147/; classtype:trojan-activity;sid:83923247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.66.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060145/; classtype:trojan-activity;sid:83923245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.224.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060146/; classtype:trojan-activity;sid:83923246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060143/; classtype:trojan-activity;sid:83923243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.78.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060144/; classtype:trojan-activity;sid:83923244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060142/; classtype:trojan-activity;sid:83923242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.220.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060138/; classtype:trojan-activity;sid:83923238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.51.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060139/; classtype:trojan-activity;sid:83923239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.4.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060140/; classtype:trojan-activity;sid:83923240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060141/; classtype:trojan-activity;sid:83923241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060137/; classtype:trojan-activity;sid:83923237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.94.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060136/; classtype:trojan-activity;sid:83923236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.25.237.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060134/; classtype:trojan-activity;sid:83923234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.77.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060135/; classtype:trojan-activity;sid:83923235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.4.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060132/; classtype:trojan-activity;sid:83923232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.60.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060133/; classtype:trojan-activity;sid:83923233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060131/; classtype:trojan-activity;sid:83923231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.36.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060130/; classtype:trojan-activity;sid:83923230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060129/; classtype:trojan-activity;sid:83923229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.209.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060128/; classtype:trojan-activity;sid:83923228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.218.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060127/; classtype:trojan-activity;sid:83923227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.34.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060126/; classtype:trojan-activity;sid:83923226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.8.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060125/; classtype:trojan-activity;sid:83923225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.138.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060124/; classtype:trojan-activity;sid:83923224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.35.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060123/; classtype:trojan-activity;sid:83923223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.236.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060122/; classtype:trojan-activity;sid:83923222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060121/; classtype:trojan-activity;sid:83923221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.210.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060120/; classtype:trojan-activity;sid:83923220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060119/; classtype:trojan-activity;sid:83923219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.218.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060118/; classtype:trojan-activity;sid:83923218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.213.69.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060117/; classtype:trojan-activity;sid:83923217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.140.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060116/; classtype:trojan-activity;sid:83923216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.49.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060114/; classtype:trojan-activity;sid:83923214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060115/; classtype:trojan-activity;sid:83923215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060113/; classtype:trojan-activity;sid:83923213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.222.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060112/; classtype:trojan-activity;sid:83923212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.147.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060111/; classtype:trojan-activity;sid:83923211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.80.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060110/; classtype:trojan-activity;sid:83923210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060109/; classtype:trojan-activity;sid:83923209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060107/; classtype:trojan-activity;sid:83923207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.158.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060108/; classtype:trojan-activity;sid:83923208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.187.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060106/; classtype:trojan-activity;sid:83923206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.197.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060105/; classtype:trojan-activity;sid:83923205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.4.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060103/; classtype:trojan-activity;sid:83923203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.82.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060104/; classtype:trojan-activity;sid:83923204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.244.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060102/; classtype:trojan-activity;sid:83923202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.89.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060101/; classtype:trojan-activity;sid:83923201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060100/; classtype:trojan-activity;sid:83923200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.233.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060098/; classtype:trojan-activity;sid:83923198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.105.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060099/; classtype:trojan-activity;sid:83923199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060095/; classtype:trojan-activity;sid:83923195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060096/; classtype:trojan-activity;sid:83923196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.25.237.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060097/; classtype:trojan-activity;sid:83923197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.206.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060094/; classtype:trojan-activity;sid:83923194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.74.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060093/; classtype:trojan-activity;sid:83923193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.21.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060091/; classtype:trojan-activity;sid:83923191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.84.88.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060092/; classtype:trojan-activity;sid:83923192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.225.111.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060089/; classtype:trojan-activity;sid:83923189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.2.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060090/; classtype:trojan-activity;sid:83923190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060088/; classtype:trojan-activity;sid:83923188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.8.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060087/; classtype:trojan-activity;sid:83923187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.44.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060086/; classtype:trojan-activity;sid:83923186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.191.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060084/; classtype:trojan-activity;sid:83923184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060085/; classtype:trojan-activity;sid:83923185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.215.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060083/; classtype:trojan-activity;sid:83923183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.182.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060082/; classtype:trojan-activity;sid:83923182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060081/; classtype:trojan-activity;sid:83923181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.8.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060080/; classtype:trojan-activity;sid:83923180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060079/; classtype:trojan-activity;sid:83923179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.222.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060078/; classtype:trojan-activity;sid:83923178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060076/; classtype:trojan-activity;sid:83923176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.40.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060077/; classtype:trojan-activity;sid:83923177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.85.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060075/; classtype:trojan-activity;sid:83923175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060074/; classtype:trojan-activity;sid:83923174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.112.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060073/; classtype:trojan-activity;sid:83923173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.86.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060072/; classtype:trojan-activity;sid:83923172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.185.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060070/; classtype:trojan-activity;sid:83923170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.222.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060071/; classtype:trojan-activity;sid:83923171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.197.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060069/; classtype:trojan-activity;sid:83923169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060068/; classtype:trojan-activity;sid:83923168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.152.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060067/; classtype:trojan-activity;sid:83923167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.218.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060066/; classtype:trojan-activity;sid:83923166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.18.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060065/; classtype:trojan-activity;sid:83923165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060064/; classtype:trojan-activity;sid:83923164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.244.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060063/; classtype:trojan-activity;sid:83923163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.44.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060062/; classtype:trojan-activity;sid:83923162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060061/; classtype:trojan-activity;sid:83923161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.204.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060060/; classtype:trojan-activity;sid:83923160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.101.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060059/; classtype:trojan-activity;sid:83923159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.254.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060056/; classtype:trojan-activity;sid:83923156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.62.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060057/; classtype:trojan-activity;sid:83923157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.250.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060058/; classtype:trojan-activity;sid:83923158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.111.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060055/; classtype:trojan-activity;sid:83923155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.249.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060054/; classtype:trojan-activity;sid:83923154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.2.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060053/; classtype:trojan-activity;sid:83923153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.248.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060052/; classtype:trojan-activity;sid:83923152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.84.88.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060051/; classtype:trojan-activity;sid:83923151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060050/; classtype:trojan-activity;sid:83923150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.251.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060049/; classtype:trojan-activity;sid:83923149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.191.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060048/; classtype:trojan-activity;sid:83923148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060047/; classtype:trojan-activity;sid:83923147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060046/; classtype:trojan-activity;sid:83923146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.213.69.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060045/; classtype:trojan-activity;sid:83923145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060044/; classtype:trojan-activity;sid:83923144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.187.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060043/; classtype:trojan-activity;sid:83923143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060042/; classtype:trojan-activity;sid:83923142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.255.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060041/; classtype:trojan-activity;sid:83923141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.141.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060039/; classtype:trojan-activity;sid:83923139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.254.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060040/; classtype:trojan-activity;sid:83923140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060038/; classtype:trojan-activity;sid:83923138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060037/; classtype:trojan-activity;sid:83923137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.202.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060036/; classtype:trojan-activity;sid:83923136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060035/; classtype:trojan-activity;sid:83923135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.82.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060034/; classtype:trojan-activity;sid:83923134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060033)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060033/; classtype:trojan-activity;sid:83923133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.216.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060032/; classtype:trojan-activity;sid:83923132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.249.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060031/; classtype:trojan-activity;sid:83923131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.20.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060030/; classtype:trojan-activity;sid:83923130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.217.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060029/; classtype:trojan-activity;sid:83923129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.213.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060028/; classtype:trojan-activity;sid:83923128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.215.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060027/; classtype:trojan-activity;sid:83923127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.204.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060026/; classtype:trojan-activity;sid:83923126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.189.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060025/; classtype:trojan-activity;sid:83923125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.250.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060024/; classtype:trojan-activity;sid:83923124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.41.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060023/; classtype:trojan-activity;sid:83923123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060022/; classtype:trojan-activity;sid:83923122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060019/; classtype:trojan-activity;sid:83923119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.84.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060020/; classtype:trojan-activity;sid:83923120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.181.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060021/; classtype:trojan-activity;sid:83923121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.10.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060018/; classtype:trojan-activity;sid:83923118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060017/; classtype:trojan-activity;sid:83923117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.48.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060016/; classtype:trojan-activity;sid:83923116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.221.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060015/; classtype:trojan-activity;sid:83923115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060013/; classtype:trojan-activity;sid:83923113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.10.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060014/; classtype:trojan-activity;sid:83923114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.255.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060012/; classtype:trojan-activity;sid:83923112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.27.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060011/; classtype:trojan-activity;sid:83923111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.203.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060010/; classtype:trojan-activity;sid:83923110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.145.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060009/; classtype:trojan-activity;sid:83923109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060008/; classtype:trojan-activity;sid:83923108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060007/; classtype:trojan-activity;sid:83923107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060006/; classtype:trojan-activity;sid:83923106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.71.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060005/; classtype:trojan-activity;sid:83923105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060004/; classtype:trojan-activity;sid:83923104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.2.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060003/; classtype:trojan-activity;sid:83923103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.176.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060002/; classtype:trojan-activity;sid:83923102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060001)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zcmkd.award.vuheritagefoundation.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060001/; classtype:trojan-activity;sid:83923101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3060000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.5.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3060000/; classtype:trojan-activity;sid:83923100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.249.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059999/; classtype:trojan-activity;sid:83923099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.152.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059997/; classtype:trojan-activity;sid:83923097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.81.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059998/; classtype:trojan-activity;sid:83923098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.25.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059996/; classtype:trojan-activity;sid:83923096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.237.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059995/; classtype:trojan-activity;sid:83923095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059994/; classtype:trojan-activity;sid:83923094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059993/; classtype:trojan-activity;sid:83923093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.181.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059991/; classtype:trojan-activity;sid:83923091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059992/; classtype:trojan-activity;sid:83923092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059990/; classtype:trojan-activity;sid:83923090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.8.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059989/; classtype:trojan-activity;sid:83923089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059988/; classtype:trojan-activity;sid:83923088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.20.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059986/; classtype:trojan-activity;sid:83923086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.191.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059987/; classtype:trojan-activity;sid:83923087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.145.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059985/; classtype:trojan-activity;sid:83923085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059984/; classtype:trojan-activity;sid:83923084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059983/; classtype:trojan-activity;sid:83923083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.27.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059982/; classtype:trojan-activity;sid:83923082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.111.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059981/; classtype:trojan-activity;sid:83923081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059980)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/deepweb2.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059980/; classtype:trojan-activity;sid:83923080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.133.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059979/; classtype:trojan-activity;sid:83923079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.203.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059977/; classtype:trojan-activity;sid:83923077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059978/; classtype:trojan-activity;sid:83923078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.187.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059976/; classtype:trojan-activity;sid:83923076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.247.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059975/; classtype:trojan-activity;sid:83923075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.63.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059973/; classtype:trojan-activity;sid:83923073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.216.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059974/; classtype:trojan-activity;sid:83923074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.23.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059972/; classtype:trojan-activity;sid:83923072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.254.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059971/; classtype:trojan-activity;sid:83923071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059970/; classtype:trojan-activity;sid:83923070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.127.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059969/; classtype:trojan-activity;sid:83923069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.6.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059968/; classtype:trojan-activity;sid:83923068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059967/; classtype:trojan-activity;sid:83923067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.123.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059966/; classtype:trojan-activity;sid:83923066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059965/; classtype:trojan-activity;sid:83923065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.185.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059964/; classtype:trojan-activity;sid:83923064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059963/; classtype:trojan-activity;sid:83923063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.17.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059962/; classtype:trojan-activity;sid:83923062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.131.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059961/; classtype:trojan-activity;sid:83923061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.176.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059960/; classtype:trojan-activity;sid:83923060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.97.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059959/; classtype:trojan-activity;sid:83923059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.88.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059958/; classtype:trojan-activity;sid:83923058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.40.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059956/; classtype:trojan-activity;sid:83923056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.81.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059957/; classtype:trojan-activity;sid:83923057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059955/; classtype:trojan-activity;sid:83923055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059954/; classtype:trojan-activity;sid:83923054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.1.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059953/; classtype:trojan-activity;sid:83923053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.205.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059952/; classtype:trojan-activity;sid:83923052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.199.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059951/; classtype:trojan-activity;sid:83923051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.195.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059949/; classtype:trojan-activity;sid:83923049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059950/; classtype:trojan-activity;sid:83923050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059948/; classtype:trojan-activity;sid:83923048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059947/; classtype:trojan-activity;sid:83923047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.5.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059946/; classtype:trojan-activity;sid:83923046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059945/; classtype:trojan-activity;sid:83923045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.232.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059942/; classtype:trojan-activity;sid:83923042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.105.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059943/; classtype:trojan-activity;sid:83923043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.244.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059944/; classtype:trojan-activity;sid:83923044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059941/; classtype:trojan-activity;sid:83923041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059940/; classtype:trojan-activity;sid:83923040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.216.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059939/; classtype:trojan-activity;sid:83923039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.244.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059938/; classtype:trojan-activity;sid:83923038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.217.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059937/; classtype:trojan-activity;sid:83923037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.236.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059936/; classtype:trojan-activity;sid:83923036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.133.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059935/; classtype:trojan-activity;sid:83923035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.154.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059934/; classtype:trojan-activity;sid:83923034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.81.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059933/; classtype:trojan-activity;sid:83923033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.15.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059932/; classtype:trojan-activity;sid:83923032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.94.193.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059931/; classtype:trojan-activity;sid:83923031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.92.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059930/; classtype:trojan-activity;sid:83923030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.52.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059929/; classtype:trojan-activity;sid:83923029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.18.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059928/; classtype:trojan-activity;sid:83923028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.250.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059927/; classtype:trojan-activity;sid:83923027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.185.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059926/; classtype:trojan-activity;sid:83923026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.131.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059925/; classtype:trojan-activity;sid:83923025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.193.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059924/; classtype:trojan-activity;sid:83923024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.130.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059922/; classtype:trojan-activity;sid:83923022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.173.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059923/; classtype:trojan-activity;sid:83923023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.97.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059921/; classtype:trojan-activity;sid:83923021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059920/; classtype:trojan-activity;sid:83923020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059919/; classtype:trojan-activity;sid:83923019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.11.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059918/; classtype:trojan-activity;sid:83923018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.194.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059916/; classtype:trojan-activity;sid:83923016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059917)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678949873|3f|hash=vigzxn1c2civzolxg1azyta9dgh6zqng8zb249hpmsz|7c|26|7c|dl=eudxfzjnmmzeey5uqekoshhpibfsjruf1z6h1tuppst|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059917/; classtype:trojan-activity;sid:83923017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.77.3.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059915/; classtype:trojan-activity;sid:83923015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.169.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059913/; classtype:trojan-activity;sid:83923013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059914/; classtype:trojan-activity;sid:83923014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059912/; classtype:trojan-activity;sid:83923012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059909/; classtype:trojan-activity;sid:83923009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.33.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059910/; classtype:trojan-activity;sid:83923010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.208.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059911/; classtype:trojan-activity;sid:83923011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.203.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059908/; classtype:trojan-activity;sid:83923008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059906/; classtype:trojan-activity;sid:83923006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.242.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059907/; classtype:trojan-activity;sid:83923007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.74.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059904/; classtype:trojan-activity;sid:83923004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059905/; classtype:trojan-activity;sid:83923005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.41.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059903/; classtype:trojan-activity;sid:83923003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.20.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059902/; classtype:trojan-activity;sid:83923002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059899/; classtype:trojan-activity;sid:83922999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059900/; classtype:trojan-activity;sid:83923000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.105.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059901/; classtype:trojan-activity;sid:83923001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059898/; classtype:trojan-activity;sid:83922998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059897/; classtype:trojan-activity;sid:83922997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.232.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059896/; classtype:trojan-activity;sid:83922996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.244.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059895/; classtype:trojan-activity;sid:83922995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.73.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059894/; classtype:trojan-activity;sid:83922994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059893/; classtype:trojan-activity;sid:83922993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.175.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059892/; classtype:trojan-activity;sid:83922992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.236.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059891/; classtype:trojan-activity;sid:83922991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.156.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059890/; classtype:trojan-activity;sid:83922990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059889/; classtype:trojan-activity;sid:83922989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.130.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059887/; classtype:trojan-activity;sid:83922987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.113.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059888/; classtype:trojan-activity;sid:83922988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.152.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059886/; classtype:trojan-activity;sid:83922986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.167.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059885/; classtype:trojan-activity;sid:83922985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.18.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059884/; classtype:trojan-activity;sid:83922984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.173.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059883/; classtype:trojan-activity;sid:83922983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.250.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059882/; classtype:trojan-activity;sid:83922982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.193.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059881/; classtype:trojan-activity;sid:83922981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.194.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059880/; classtype:trojan-activity;sid:83922980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059878/; classtype:trojan-activity;sid:83922978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.7.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059879/; classtype:trojan-activity;sid:83922979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.87.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059877/; classtype:trojan-activity;sid:83922977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.255.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059876/; classtype:trojan-activity;sid:83922976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059875/; classtype:trojan-activity;sid:83922975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.233.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059874/; classtype:trojan-activity;sid:83922974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.78.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059873/; classtype:trojan-activity;sid:83922973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059872/; classtype:trojan-activity;sid:83922972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.223.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059871/; classtype:trojan-activity;sid:83922971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.155.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059870/; classtype:trojan-activity;sid:83922970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.73.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059869/; classtype:trojan-activity;sid:83922969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.41.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059868/; classtype:trojan-activity;sid:83922968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.96.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059867/; classtype:trojan-activity;sid:83922967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.172.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059866/; classtype:trojan-activity;sid:83922966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059865/; classtype:trojan-activity;sid:83922965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059863/; classtype:trojan-activity;sid:83922963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.120.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059864/; classtype:trojan-activity;sid:83922964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059862/; classtype:trojan-activity;sid:83922962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.167.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059861/; classtype:trojan-activity;sid:83922961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.131.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059860/; classtype:trojan-activity;sid:83922960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059859/; classtype:trojan-activity;sid:83922959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059858/; classtype:trojan-activity;sid:83922958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.83.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059857/; classtype:trojan-activity;sid:83922957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.174.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059856/; classtype:trojan-activity;sid:83922956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059855/; classtype:trojan-activity;sid:83922955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.175.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059854/; classtype:trojan-activity;sid:83922954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059853/; classtype:trojan-activity;sid:83922953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059852/; classtype:trojan-activity;sid:83922952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.243.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059851/; classtype:trojan-activity;sid:83922951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.127.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059850/; classtype:trojan-activity;sid:83922950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059849/; classtype:trojan-activity;sid:83922949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.233.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059848/; classtype:trojan-activity;sid:83922948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.102.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059847/; classtype:trojan-activity;sid:83922947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059846/; classtype:trojan-activity;sid:83922946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059845/; classtype:trojan-activity;sid:83922945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.133.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059844/; classtype:trojan-activity;sid:83922944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.53.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059843/; classtype:trojan-activity;sid:83922943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.225.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059841/; classtype:trojan-activity;sid:83922941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059842/; classtype:trojan-activity;sid:83922942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.74.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059840/; classtype:trojan-activity;sid:83922940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.113.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059839/; classtype:trojan-activity;sid:83922939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.219.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059838/; classtype:trojan-activity;sid:83922938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.155.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059837/; classtype:trojan-activity;sid:83922937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059836/; classtype:trojan-activity;sid:83922936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.227.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059835/; classtype:trojan-activity;sid:83922935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.120.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059834/; classtype:trojan-activity;sid:83922934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059833/; classtype:trojan-activity;sid:83922933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.22.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059831/; classtype:trojan-activity;sid:83922931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059832/; classtype:trojan-activity;sid:83922932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059830/; classtype:trojan-activity;sid:83922930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059829/; classtype:trojan-activity;sid:83922929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.236.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059828/; classtype:trojan-activity;sid:83922928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.221.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059826/; classtype:trojan-activity;sid:83922926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.100.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059827/; classtype:trojan-activity;sid:83922927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.211.225.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059825/; classtype:trojan-activity;sid:83922925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.185.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059824/; classtype:trojan-activity;sid:83922924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059823/; classtype:trojan-activity;sid:83922923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.127.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059822/; classtype:trojan-activity;sid:83922922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.102.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059821/; classtype:trojan-activity;sid:83922921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.165.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059820/; classtype:trojan-activity;sid:83922920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.159.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059819/; classtype:trojan-activity;sid:83922919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.110.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059818/; classtype:trojan-activity;sid:83922918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.7.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059817/; classtype:trojan-activity;sid:83922917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.196.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059816/; classtype:trojan-activity;sid:83922916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.28.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059815/; classtype:trojan-activity;sid:83922915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.119.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059814/; classtype:trojan-activity;sid:83922914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.189.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059813/; classtype:trojan-activity;sid:83922913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.113.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059811/; classtype:trojan-activity;sid:83922911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.215.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059812/; classtype:trojan-activity;sid:83922912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.137.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059810/; classtype:trojan-activity;sid:83922910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.225.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059808/; classtype:trojan-activity;sid:83922908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059809/; classtype:trojan-activity;sid:83922909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.74.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059807/; classtype:trojan-activity;sid:83922907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.227.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059806/; classtype:trojan-activity;sid:83922906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.19.176.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059805/; classtype:trojan-activity;sid:83922905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059804/; classtype:trojan-activity;sid:83922904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.202.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059803/; classtype:trojan-activity;sid:83922903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.219.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059802/; classtype:trojan-activity;sid:83922902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.209.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059801/; classtype:trojan-activity;sid:83922901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059800/; classtype:trojan-activity;sid:83922900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.22.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059799/; classtype:trojan-activity;sid:83922899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.124.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059798/; classtype:trojan-activity;sid:83922898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059796/; classtype:trojan-activity;sid:83922896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.25.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059797/; classtype:trojan-activity;sid:83922897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.32.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059795/; classtype:trojan-activity;sid:83922895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059794/; classtype:trojan-activity;sid:83922894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059793/; classtype:trojan-activity;sid:83922893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.213.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059792/; classtype:trojan-activity;sid:83922892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059790/; classtype:trojan-activity;sid:83922890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.127.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059791/; classtype:trojan-activity;sid:83922891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.30.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059789/; classtype:trojan-activity;sid:83922889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059788/; classtype:trojan-activity;sid:83922888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.211.225.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059787/; classtype:trojan-activity;sid:83922887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.221.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059786/; classtype:trojan-activity;sid:83922886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059785/; classtype:trojan-activity;sid:83922885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.179.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059784/; classtype:trojan-activity;sid:83922884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.226.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059783/; classtype:trojan-activity;sid:83922883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.215.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059782/; classtype:trojan-activity;sid:83922882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059780/; classtype:trojan-activity;sid:83922880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059781/; classtype:trojan-activity;sid:83922881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059779/; classtype:trojan-activity;sid:83922879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.119.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059778/; classtype:trojan-activity;sid:83922878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.23.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059777/; classtype:trojan-activity;sid:83922877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.26.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059776/; classtype:trojan-activity;sid:83922876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.139.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059775/; classtype:trojan-activity;sid:83922875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.248.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059774/; classtype:trojan-activity;sid:83922874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.202.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059773/; classtype:trojan-activity;sid:83922873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059770/; classtype:trojan-activity;sid:83922870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.51.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059771/; classtype:trojan-activity;sid:83922871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.179.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059772/; classtype:trojan-activity;sid:83922872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.201.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059769/; classtype:trojan-activity;sid:83922869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.25.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059768/; classtype:trojan-activity;sid:83922868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059767/; classtype:trojan-activity;sid:83922867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059766/; classtype:trojan-activity;sid:83922866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.190.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059765/; classtype:trojan-activity;sid:83922865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059764/; classtype:trojan-activity;sid:83922864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.7.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059763/; classtype:trojan-activity;sid:83922863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.157.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059762/; classtype:trojan-activity;sid:83922862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.100.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059761/; classtype:trojan-activity;sid:83922861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.25.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059760/; classtype:trojan-activity;sid:83922860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059759/; classtype:trojan-activity;sid:83922859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059758/; classtype:trojan-activity;sid:83922858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.70.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059756/; classtype:trojan-activity;sid:83922856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.4.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059757/; classtype:trojan-activity;sid:83922857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.248.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059755/; classtype:trojan-activity;sid:83922855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059754)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059754/; classtype:trojan-activity;sid:83922854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059753/; classtype:trojan-activity;sid:83922853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059752/; classtype:trojan-activity;sid:83922852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.23.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059751/; classtype:trojan-activity;sid:83922851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.22.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059750/; classtype:trojan-activity;sid:83922850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.234.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059748/; classtype:trojan-activity;sid:83922848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.123.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059749/; classtype:trojan-activity;sid:83922849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.179.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059747/; classtype:trojan-activity;sid:83922847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.51.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059746/; classtype:trojan-activity;sid:83922846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.40.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059745/; classtype:trojan-activity;sid:83922845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.181.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059744/; classtype:trojan-activity;sid:83922844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.4.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059743/; classtype:trojan-activity;sid:83922843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.230.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059742/; classtype:trojan-activity;sid:83922842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.81.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059741/; classtype:trojan-activity;sid:83922841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059740/; classtype:trojan-activity;sid:83922840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.69.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059739/; classtype:trojan-activity;sid:83922839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059738/; classtype:trojan-activity;sid:83922838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059737/; classtype:trojan-activity;sid:83922837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.32.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059735/; classtype:trojan-activity;sid:83922835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.218.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059736/; classtype:trojan-activity;sid:83922836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.218.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059734/; classtype:trojan-activity;sid:83922834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.25.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059733/; classtype:trojan-activity;sid:83922833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059732)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059732/; classtype:trojan-activity;sid:83922832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.26.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059731/; classtype:trojan-activity;sid:83922831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.128.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059729/; classtype:trojan-activity;sid:83922829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.94"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059730/; classtype:trojan-activity;sid:83922830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.157.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059728/; classtype:trojan-activity;sid:83922828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059727/; classtype:trojan-activity;sid:83922827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059725/; classtype:trojan-activity;sid:83922825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059726/; classtype:trojan-activity;sid:83922826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059724/; classtype:trojan-activity;sid:83922824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.69.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059723/; classtype:trojan-activity;sid:83922823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.147.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059722/; classtype:trojan-activity;sid:83922822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.181.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059720/; classtype:trojan-activity;sid:83922820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.15.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059721/; classtype:trojan-activity;sid:83922821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.163.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059719/; classtype:trojan-activity;sid:83922819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.190.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059718/; classtype:trojan-activity;sid:83922818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.72.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059717/; classtype:trojan-activity;sid:83922817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.43.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059716/; classtype:trojan-activity;sid:83922816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.110.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059715/; classtype:trojan-activity;sid:83922815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.224.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059713/; classtype:trojan-activity;sid:83922813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059714/; classtype:trojan-activity;sid:83922814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059711/; classtype:trojan-activity;sid:83922811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.115.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059712/; classtype:trojan-activity;sid:83922812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.107.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059710/; classtype:trojan-activity;sid:83922810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059709/; classtype:trojan-activity;sid:83922809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.40.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059708/; classtype:trojan-activity;sid:83922808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.230.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059707/; classtype:trojan-activity;sid:83922807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.44.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_22; reference:url, urlhaus.abuse.ch/url/3059706/; classtype:trojan-activity;sid:83922806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.20.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059704/; classtype:trojan-activity;sid:83922804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.179.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059705/; classtype:trojan-activity;sid:83922805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.216.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059703/; classtype:trojan-activity;sid:83922803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.57.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059702/; classtype:trojan-activity;sid:83922802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.173.88.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059701/; classtype:trojan-activity;sid:83922801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.68.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059700/; classtype:trojan-activity;sid:83922800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059699/; classtype:trojan-activity;sid:83922799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059698/; classtype:trojan-activity;sid:83922798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.168.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059697/; classtype:trojan-activity;sid:83922797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059696/; classtype:trojan-activity;sid:83922796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.249.153.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059695/; classtype:trojan-activity;sid:83922795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.86.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059694/; classtype:trojan-activity;sid:83922794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.9.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059693/; classtype:trojan-activity;sid:83922793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.164.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059692/; classtype:trojan-activity;sid:83922792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059691/; classtype:trojan-activity;sid:83922791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059690/; classtype:trojan-activity;sid:83922790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.56.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059689/; classtype:trojan-activity;sid:83922789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.147.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059687/; classtype:trojan-activity;sid:83922787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059688/; classtype:trojan-activity;sid:83922788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.94.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059686/; classtype:trojan-activity;sid:83922786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.205.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059685/; classtype:trojan-activity;sid:83922785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059684/; classtype:trojan-activity;sid:83922784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.79.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059683/; classtype:trojan-activity;sid:83922783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.164.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059682/; classtype:trojan-activity;sid:83922782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.216.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059681/; classtype:trojan-activity;sid:83922781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.209.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059680/; classtype:trojan-activity;sid:83922780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.189.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059679/; classtype:trojan-activity;sid:83922779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059678)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059678/; classtype:trojan-activity;sid:83922778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059677)"; flow:established,from_client; content:"GET"; http_method; content:"/48055"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"xz.nimade.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059677/; classtype:trojan-activity;sid:83922777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059673)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059673/; classtype:trojan-activity;sid:83922773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059674)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059674/; classtype:trojan-activity;sid:83922774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059675)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059675/; classtype:trojan-activity;sid:83922775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059676)"; flow:established,from_client; content:"GET"; http_method; content:"/48055"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"198.98.59.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059676/; classtype:trojan-activity;sid:83922776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059668)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059668/; classtype:trojan-activity;sid:83922768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059669)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059669/; classtype:trojan-activity;sid:83922769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059670)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059670/; classtype:trojan-activity;sid:83922770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059671)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059671/; classtype:trojan-activity;sid:83922771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059672)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059672/; classtype:trojan-activity;sid:83922772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059662)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.214.27.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059662/; classtype:trojan-activity;sid:83922762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059663)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059663/; classtype:trojan-activity;sid:83922763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059664)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.arm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059664/; classtype:trojan-activity;sid:83922764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059665)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059665/; classtype:trojan-activity;sid:83922765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059666)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059666/; classtype:trojan-activity;sid:83922766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059667)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059667/; classtype:trojan-activity;sid:83922767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059659)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059659/; classtype:trojan-activity;sid:83922759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059660)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059660/; classtype:trojan-activity;sid:83922760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059661)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059661/; classtype:trojan-activity;sid:83922761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059653)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059653/; classtype:trojan-activity;sid:83922753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059654)"; flow:established,from_client; content:"GET"; http_method; content:"/dc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059654/; classtype:trojan-activity;sid:83922754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059655)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059655/; classtype:trojan-activity;sid:83922755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059656)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059656/; classtype:trojan-activity;sid:83922756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059657)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059657/; classtype:trojan-activity;sid:83922757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059658/; classtype:trojan-activity;sid:83922758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059649)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059649/; classtype:trojan-activity;sid:83922749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059650)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059650/; classtype:trojan-activity;sid:83922750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059651)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059651/; classtype:trojan-activity;sid:83922751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.33.179.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059652/; classtype:trojan-activity;sid:83922752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059643)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059643/; classtype:trojan-activity;sid:83922743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059644)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059644/; classtype:trojan-activity;sid:83922744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059645)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059645/; classtype:trojan-activity;sid:83922745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059646)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059646/; classtype:trojan-activity;sid:83922746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059647)"; flow:established,from_client; content:"GET"; http_method; content:"/.sm68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059647/; classtype:trojan-activity;sid:83922747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059648)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059648/; classtype:trojan-activity;sid:83922748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059640)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059640/; classtype:trojan-activity;sid:83922740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059641)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059641/; classtype:trojan-activity;sid:83922741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059642)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059642/; classtype:trojan-activity;sid:83922742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059637)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.214.27.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059637/; classtype:trojan-activity;sid:83922737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059638)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059638/; classtype:trojan-activity;sid:83922738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059639)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059639/; classtype:trojan-activity;sid:83922739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059635)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059635/; classtype:trojan-activity;sid:83922735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059636)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059636/; classtype:trojan-activity;sid:83922736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059630)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059630/; classtype:trojan-activity;sid:83922730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059631)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.33.179.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059631/; classtype:trojan-activity;sid:83922731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059632)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059632/; classtype:trojan-activity;sid:83922732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059633)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.214.27.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059633/; classtype:trojan-activity;sid:83922733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059634)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059634/; classtype:trojan-activity;sid:83922734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059626)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.57.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059626/; classtype:trojan-activity;sid:83922726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059627)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059627/; classtype:trojan-activity;sid:83922727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059628)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059628/; classtype:trojan-activity;sid:83922728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059629)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059629/; classtype:trojan-activity;sid:83922729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059620)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059620/; classtype:trojan-activity;sid:83922720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059622)"; flow:established,from_client; content:"GET"; http_method; content:"/.sspc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059622/; classtype:trojan-activity;sid:83922722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059623)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.221.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059623/; classtype:trojan-activity;sid:83922723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059624)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059624/; classtype:trojan-activity;sid:83922724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059625)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059625/; classtype:trojan-activity;sid:83922725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059615)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.57.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059615/; classtype:trojan-activity;sid:83922715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059616)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.57.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059616/; classtype:trojan-activity;sid:83922716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059617)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059617/; classtype:trojan-activity;sid:83922717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059618)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059618/; classtype:trojan-activity;sid:83922718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059619)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059619/; classtype:trojan-activity;sid:83922719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059611)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5n"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"95.214.27.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059611/; classtype:trojan-activity;sid:83922711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059612)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.221.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059612/; classtype:trojan-activity;sid:83922712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059613)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.57.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059613/; classtype:trojan-activity;sid:83922713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059614)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059614/; classtype:trojan-activity;sid:83922714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059609)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059609/; classtype:trojan-activity;sid:83922709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059610)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059610/; classtype:trojan-activity;sid:83922710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059606)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.221.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059606/; classtype:trojan-activity;sid:83922706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059607)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059607/; classtype:trojan-activity;sid:83922707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059608)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059608/; classtype:trojan-activity;sid:83922708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059603)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059603/; classtype:trojan-activity;sid:83922703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059604)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059604/; classtype:trojan-activity;sid:83922704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059605)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.214.27.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059605/; classtype:trojan-activity;sid:83922705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059601)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059601/; classtype:trojan-activity;sid:83922701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059602)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059602/; classtype:trojan-activity;sid:83922702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059599)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059599/; classtype:trojan-activity;sid:83922699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059600)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059600/; classtype:trojan-activity;sid:83922700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059594)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059594/; classtype:trojan-activity;sid:83922694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059595)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059595/; classtype:trojan-activity;sid:83922695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059596)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059596/; classtype:trojan-activity;sid:83922696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059597)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059597/; classtype:trojan-activity;sid:83922697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059589)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.221.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059589/; classtype:trojan-activity;sid:83922689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059590)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059590/; classtype:trojan-activity;sid:83922690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059591)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059591/; classtype:trojan-activity;sid:83922691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059592)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059592/; classtype:trojan-activity;sid:83922692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059593)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059593/; classtype:trojan-activity;sid:83922693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059586)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.33.179.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059586/; classtype:trojan-activity;sid:83922686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059587)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059587/; classtype:trojan-activity;sid:83922687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059588)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059588/; classtype:trojan-activity;sid:83922688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059584)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059584/; classtype:trojan-activity;sid:83922684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059585)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059585/; classtype:trojan-activity;sid:83922685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059581)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059581/; classtype:trojan-activity;sid:83922681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059582)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059582/; classtype:trojan-activity;sid:83922682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059583)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059583/; classtype:trojan-activity;sid:83922683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059575)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059575/; classtype:trojan-activity;sid:83922675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059576)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059576/; classtype:trojan-activity;sid:83922676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059577)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059577/; classtype:trojan-activity;sid:83922677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059578)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059578/; classtype:trojan-activity;sid:83922678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059579)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059579/; classtype:trojan-activity;sid:83922679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059580)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.214.27.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059580/; classtype:trojan-activity;sid:83922680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059571)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059571/; classtype:trojan-activity;sid:83922671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.33.179.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059572/; classtype:trojan-activity;sid:83922672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059573)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059573/; classtype:trojan-activity;sid:83922673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059574)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059574/; classtype:trojan-activity;sid:83922674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059565)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059565/; classtype:trojan-activity;sid:83922665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059566)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.i586"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059566/; classtype:trojan-activity;sid:83922666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059567)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.27.62.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059567/; classtype:trojan-activity;sid:83922667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059568)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059568/; classtype:trojan-activity;sid:83922668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059569)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059569/; classtype:trojan-activity;sid:83922669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059570)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"147.78.103.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059570/; classtype:trojan-activity;sid:83922670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059563)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059563/; classtype:trojan-activity;sid:83922663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059564)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059564/; classtype:trojan-activity;sid:83922664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059559)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059559/; classtype:trojan-activity;sid:83922659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059560)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"37.221.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059560/; classtype:trojan-activity;sid:83922660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059561)"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059561/; classtype:trojan-activity;sid:83922661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059562)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059562/; classtype:trojan-activity;sid:83922662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059557)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059557/; classtype:trojan-activity;sid:83922657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059558)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059558/; classtype:trojan-activity;sid:83922658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059555)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059555/; classtype:trojan-activity;sid:83922655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059556)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059556/; classtype:trojan-activity;sid:83922656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059550)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059550/; classtype:trojan-activity;sid:83922650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059551)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059551/; classtype:trojan-activity;sid:83922651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.33.179.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059552/; classtype:trojan-activity;sid:83922652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059553)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059553/; classtype:trojan-activity;sid:83922653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059554)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059554/; classtype:trojan-activity;sid:83922654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059548)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059548/; classtype:trojan-activity;sid:83922648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059549)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059549/; classtype:trojan-activity;sid:83922649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059544)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059544/; classtype:trojan-activity;sid:83922644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059545)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059545/; classtype:trojan-activity;sid:83922645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059547)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059547/; classtype:trojan-activity;sid:83922647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059541)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059541/; classtype:trojan-activity;sid:83922641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059542)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.57.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059542/; classtype:trojan-activity;sid:83922642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.33.179.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059543/; classtype:trojan-activity;sid:83922643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059534)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059534/; classtype:trojan-activity;sid:83922634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059535)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059535/; classtype:trojan-activity;sid:83922635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059536)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059536/; classtype:trojan-activity;sid:83922636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059537)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059537/; classtype:trojan-activity;sid:83922637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059538)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059538/; classtype:trojan-activity;sid:83922638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059539)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059539/; classtype:trojan-activity;sid:83922639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059540)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059540/; classtype:trojan-activity;sid:83922640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059527)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059527/; classtype:trojan-activity;sid:83922627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059528)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059528/; classtype:trojan-activity;sid:83922628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059529)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059529/; classtype:trojan-activity;sid:83922629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059530)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059530/; classtype:trojan-activity;sid:83922630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.21.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059531/; classtype:trojan-activity;sid:83922631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059532)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059532/; classtype:trojan-activity;sid:83922632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059533)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059533/; classtype:trojan-activity;sid:83922633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.193.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059522/; classtype:trojan-activity;sid:83922622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059523)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059523/; classtype:trojan-activity;sid:83922623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059524)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.axis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"149.50.116.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059524/; classtype:trojan-activity;sid:83922624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059525)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059525/; classtype:trojan-activity;sid:83922625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059526)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059526/; classtype:trojan-activity;sid:83922626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059518)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059518/; classtype:trojan-activity;sid:83922618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059519)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059519/; classtype:trojan-activity;sid:83922619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059520)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059520/; classtype:trojan-activity;sid:83922620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059521)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059521/; classtype:trojan-activity;sid:83922621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059513)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059513/; classtype:trojan-activity;sid:83922613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059514)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059514/; classtype:trojan-activity;sid:83922614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059515)"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059515/; classtype:trojan-activity;sid:83922615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059516)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059516/; classtype:trojan-activity;sid:83922616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059517)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059517/; classtype:trojan-activity;sid:83922617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059509)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059509/; classtype:trojan-activity;sid:83922609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059510)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059510/; classtype:trojan-activity;sid:83922610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059511)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059511/; classtype:trojan-activity;sid:83922611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059512)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.sparc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059512/; classtype:trojan-activity;sid:83922612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059503)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx_mpel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"204.93.201.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059503/; classtype:trojan-activity;sid:83922603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059504)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059504/; classtype:trojan-activity;sid:83922604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059505)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059505/; classtype:trojan-activity;sid:83922605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059506)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059506/; classtype:trojan-activity;sid:83922606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059507)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx_nap"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.93.201.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059507/; classtype:trojan-activity;sid:83922607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059508)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059508/; classtype:trojan-activity;sid:83922608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059497)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059497/; classtype:trojan-activity;sid:83922597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059498)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.33.179.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059498/; classtype:trojan-activity;sid:83922598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059499)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.221.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059499/; classtype:trojan-activity;sid:83922599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059500)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059500/; classtype:trojan-activity;sid:83922600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059501)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059501/; classtype:trojan-activity;sid:83922601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059502)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059502/; classtype:trojan-activity;sid:83922602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059496)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059496/; classtype:trojan-activity;sid:83922596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059489)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059489/; classtype:trojan-activity;sid:83922589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059490)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059490/; classtype:trojan-activity;sid:83922590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059491)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059491/; classtype:trojan-activity;sid:83922591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059492)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059492/; classtype:trojan-activity;sid:83922592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059493)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059493/; classtype:trojan-activity;sid:83922593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059494)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059494/; classtype:trojan-activity;sid:83922594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059495)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.141.57.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059495/; classtype:trojan-activity;sid:83922595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059483)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.27.62.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059483/; classtype:trojan-activity;sid:83922583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059484)"; flow:established,from_client; content:"GET"; http_method; content:"/stokers.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.17.42.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059484/; classtype:trojan-activity;sid:83922584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059485)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059485/; classtype:trojan-activity;sid:83922585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059486)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059486/; classtype:trojan-activity;sid:83922586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059487)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059487/; classtype:trojan-activity;sid:83922587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059488)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.141.57.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059488/; classtype:trojan-activity;sid:83922588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059481)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx_p"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"204.93.201.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059481/; classtype:trojan-activity;sid:83922581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.93.109.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059482/; classtype:trojan-activity;sid:83922582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059478)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx_86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"204.93.201.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059478/; classtype:trojan-activity;sid:83922578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059479)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059479/; classtype:trojan-activity;sid:83922579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059480)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059480/; classtype:trojan-activity;sid:83922580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059475)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.67.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059475/; classtype:trojan-activity;sid:83922575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059476)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059476/; classtype:trojan-activity;sid:83922576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059477)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059477/; classtype:trojan-activity;sid:83922577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059464)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"37.221.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059464/; classtype:trojan-activity;sid:83922564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059465)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"37.221.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059465/; classtype:trojan-activity;sid:83922565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059466)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059466/; classtype:trojan-activity;sid:83922566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059467)"; flow:established,from_client; content:"GET"; http_method; content:"/.smpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059467/; classtype:trojan-activity;sid:83922567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059468)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.214.27.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059468/; classtype:trojan-activity;sid:83922568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059469)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.232.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059469/; classtype:trojan-activity;sid:83922569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059470)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059470/; classtype:trojan-activity;sid:83922570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059471)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059471/; classtype:trojan-activity;sid:83922571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059472)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.57.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059472/; classtype:trojan-activity;sid:83922572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059473)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.253.246.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059473/; classtype:trojan-activity;sid:83922573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059474)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059474/; classtype:trojan-activity;sid:83922574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059462)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"37.221.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059462/; classtype:trojan-activity;sid:83922562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059463)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.57.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059463/; classtype:trojan-activity;sid:83922563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059461)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059461/; classtype:trojan-activity;sid:83922561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059453)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059453/; classtype:trojan-activity;sid:83922553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059454)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059454/; classtype:trojan-activity;sid:83922554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059455)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059455/; classtype:trojan-activity;sid:83922555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059456)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059456/; classtype:trojan-activity;sid:83922556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059457)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059457/; classtype:trojan-activity;sid:83922557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059458)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"194.124.227.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059458/; classtype:trojan-activity;sid:83922558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059459)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"2.56.212.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059459/; classtype:trojan-activity;sid:83922559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059460)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.58.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059460/; classtype:trojan-activity;sid:83922560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059451)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.44.25.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059451/; classtype:trojan-activity;sid:83922551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059446)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059446/; classtype:trojan-activity;sid:83922546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059447)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059447/; classtype:trojan-activity;sid:83922547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059448)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.149.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059448/; classtype:trojan-activity;sid:83922548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059449)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.218.236.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059449/; classtype:trojan-activity;sid:83922549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.95.169.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059440/; classtype:trojan-activity;sid:83922540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059441)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059441/; classtype:trojan-activity;sid:83922541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059442)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059442/; classtype:trojan-activity;sid:83922542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.95.169.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059443/; classtype:trojan-activity;sid:83922543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059444)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059444/; classtype:trojan-activity;sid:83922544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059445)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.218.235.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059445/; classtype:trojan-activity;sid:83922545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059435)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059435/; classtype:trojan-activity;sid:83922535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059436)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.95.169.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059436/; classtype:trojan-activity;sid:83922536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059437)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059437/; classtype:trojan-activity;sid:83922537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059438)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059438/; classtype:trojan-activity;sid:83922538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.95.169.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059439/; classtype:trojan-activity;sid:83922539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059427)"; flow:established,from_client; content:"GET"; http_method; content:"/lc2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.32.8.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059427/; classtype:trojan-activity;sid:83922527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059428)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.10.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059428/; classtype:trojan-activity;sid:83922528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059429)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpcx440fp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059429/; classtype:trojan-activity;sid:83922529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059430)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059430/; classtype:trojan-activity;sid:83922530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059431)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059431/; classtype:trojan-activity;sid:83922531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059432)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059432/; classtype:trojan-activity;sid:83922532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059433)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059433/; classtype:trojan-activity;sid:83922533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059434)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059434/; classtype:trojan-activity;sid:83922534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059425)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.10.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059425/; classtype:trojan-activity;sid:83922525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059426)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.10.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059426/; classtype:trojan-activity;sid:83922526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.95.169.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059423/; classtype:trojan-activity;sid:83922523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059424)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.10.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059424/; classtype:trojan-activity;sid:83922524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059422)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.69.129.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059422/; classtype:trojan-activity;sid:83922522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.84.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059419/; classtype:trojan-activity;sid:83922519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.101.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059420/; classtype:trojan-activity;sid:83922520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.87.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059421/; classtype:trojan-activity;sid:83922521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.241.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059417/; classtype:trojan-activity;sid:83922517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.138.137.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059418/; classtype:trojan-activity;sid:83922518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.9.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059416/; classtype:trojan-activity;sid:83922516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.86.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059415/; classtype:trojan-activity;sid:83922515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059413/; classtype:trojan-activity;sid:83922513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.168.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059414/; classtype:trojan-activity;sid:83922514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.218.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059411/; classtype:trojan-activity;sid:83922511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.165.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059412/; classtype:trojan-activity;sid:83922512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.138.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059409/; classtype:trojan-activity;sid:83922509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.255.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059410/; classtype:trojan-activity;sid:83922510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.56.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059408/; classtype:trojan-activity;sid:83922508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.193.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059407/; classtype:trojan-activity;sid:83922507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.122.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059406/; classtype:trojan-activity;sid:83922506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.80.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059405/; classtype:trojan-activity;sid:83922505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.28.147"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059404/; classtype:trojan-activity;sid:83922504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059403/; classtype:trojan-activity;sid:83922503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.80.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059402/; classtype:trojan-activity;sid:83922502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.109.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059401/; classtype:trojan-activity;sid:83922501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059400/; classtype:trojan-activity;sid:83922500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.209.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059399/; classtype:trojan-activity;sid:83922499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.66.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059398/; classtype:trojan-activity;sid:83922498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059397/; classtype:trojan-activity;sid:83922497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.32.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059396/; classtype:trojan-activity;sid:83922496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.241.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059395/; classtype:trojan-activity;sid:83922495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.79.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059393/; classtype:trojan-activity;sid:83922493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.21.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059394/; classtype:trojan-activity;sid:83922494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059392/; classtype:trojan-activity;sid:83922492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.205.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059391/; classtype:trojan-activity;sid:83922491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059390/; classtype:trojan-activity;sid:83922490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.178.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059388/; classtype:trojan-activity;sid:83922488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059389/; classtype:trojan-activity;sid:83922489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.138.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059387/; classtype:trojan-activity;sid:83922487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.120.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059386/; classtype:trojan-activity;sid:83922486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059385/; classtype:trojan-activity;sid:83922485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.122.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059384/; classtype:trojan-activity;sid:83922484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.255.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059383/; classtype:trojan-activity;sid:83922483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.105.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059382/; classtype:trojan-activity;sid:83922482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.129.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059381/; classtype:trojan-activity;sid:83922481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059379/; classtype:trojan-activity;sid:83922479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.107.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059380/; classtype:trojan-activity;sid:83922480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.172.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059378/; classtype:trojan-activity;sid:83922478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.208.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059376/; classtype:trojan-activity;sid:83922476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.86.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059377/; classtype:trojan-activity;sid:83922477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059375/; classtype:trojan-activity;sid:83922475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.66.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059374/; classtype:trojan-activity;sid:83922474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059373/; classtype:trojan-activity;sid:83922473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.38.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059372/; classtype:trojan-activity;sid:83922472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059371/; classtype:trojan-activity;sid:83922471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.89.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059370/; classtype:trojan-activity;sid:83922470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.172.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059369/; classtype:trojan-activity;sid:83922469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.138.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059368/; classtype:trojan-activity;sid:83922468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.47.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059367/; classtype:trojan-activity;sid:83922467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059366/; classtype:trojan-activity;sid:83922466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059363/; classtype:trojan-activity;sid:83922463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059364/; classtype:trojan-activity;sid:83922464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.193.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059365/; classtype:trojan-activity;sid:83922465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.215.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059361/; classtype:trojan-activity;sid:83922461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.93.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059362/; classtype:trojan-activity;sid:83922462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.193.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059360/; classtype:trojan-activity;sid:83922460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059359/; classtype:trojan-activity;sid:83922459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.201.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059358/; classtype:trojan-activity;sid:83922458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.129.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059357/; classtype:trojan-activity;sid:83922457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.106.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059356/; classtype:trojan-activity;sid:83922456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.71.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059355/; classtype:trojan-activity;sid:83922455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059354)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678949085|3f|hash=kqfvkjehoknoofds4ukd2gbjkg9yjmiamdphqlh4vpp|7c|26|7c|dl=5f3ibyfktz50cfnykzqiqcjekyflnl09w1uxznubsss|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059354/; classtype:trojan-activity;sid:83922454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.138.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059353/; classtype:trojan-activity;sid:83922453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.215.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059352/; classtype:trojan-activity;sid:83922452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.25.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059351/; classtype:trojan-activity;sid:83922451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.172.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059349/; classtype:trojan-activity;sid:83922449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.83.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059350/; classtype:trojan-activity;sid:83922450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.153.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059348/; classtype:trojan-activity;sid:83922448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.175.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059347/; classtype:trojan-activity;sid:83922447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.92.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059346/; classtype:trojan-activity;sid:83922446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.193.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059345/; classtype:trojan-activity;sid:83922445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.255.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059344/; classtype:trojan-activity;sid:83922444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.129.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059343/; classtype:trojan-activity;sid:83922443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.229.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059341/; classtype:trojan-activity;sid:83922441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.160.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059342/; classtype:trojan-activity;sid:83922442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.144.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059340/; classtype:trojan-activity;sid:83922440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.178.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059339/; classtype:trojan-activity;sid:83922439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.201.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059338/; classtype:trojan-activity;sid:83922438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.189.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059337/; classtype:trojan-activity;sid:83922437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.27.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059336/; classtype:trojan-activity;sid:83922436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.175.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059335/; classtype:trojan-activity;sid:83922435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059331)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059331/; classtype:trojan-activity;sid:83922431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059332)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059332/; classtype:trojan-activity;sid:83922432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059333)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059333/; classtype:trojan-activity;sid:83922433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059334)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059334/; classtype:trojan-activity;sid:83922434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059326)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059326/; classtype:trojan-activity;sid:83922426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059327)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059327/; classtype:trojan-activity;sid:83922427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059328)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059328/; classtype:trojan-activity;sid:83922428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059329)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059329/; classtype:trojan-activity;sid:83922429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059330)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059330/; classtype:trojan-activity;sid:83922430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.138.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059325/; classtype:trojan-activity;sid:83922425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059322)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059322/; classtype:trojan-activity;sid:83922422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059323)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059323/; classtype:trojan-activity;sid:83922423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059324)"; flow:established,from_client; content:"GET"; http_method; content:"/sensi.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059324/; classtype:trojan-activity;sid:83922424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059321/; classtype:trojan-activity;sid:83922421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.218.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059317/; classtype:trojan-activity;sid:83922417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.55.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059318/; classtype:trojan-activity;sid:83922418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.222.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059319/; classtype:trojan-activity;sid:83922419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059320/; classtype:trojan-activity;sid:83922420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.137.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059316/; classtype:trojan-activity;sid:83922416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.146.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059315/; classtype:trojan-activity;sid:83922415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.85.167.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059314/; classtype:trojan-activity;sid:83922414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059313/; classtype:trojan-activity;sid:83922413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.25.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059312/; classtype:trojan-activity;sid:83922412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.195.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059311/; classtype:trojan-activity;sid:83922411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059310/; classtype:trojan-activity;sid:83922410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.52.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059309/; classtype:trojan-activity;sid:83922409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.198.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059308/; classtype:trojan-activity;sid:83922408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059307/; classtype:trojan-activity;sid:83922407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059305/; classtype:trojan-activity;sid:83922405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.19.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059306/; classtype:trojan-activity;sid:83922406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.214.34.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059304/; classtype:trojan-activity;sid:83922404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.27.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059303/; classtype:trojan-activity;sid:83922403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.146.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059302/; classtype:trojan-activity;sid:83922402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.242.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059301/; classtype:trojan-activity;sid:83922401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.126.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059300/; classtype:trojan-activity;sid:83922400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.199.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059299/; classtype:trojan-activity;sid:83922399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.9.224"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059297/; classtype:trojan-activity;sid:83922397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.50.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059298/; classtype:trojan-activity;sid:83922398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.119.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059296/; classtype:trojan-activity;sid:83922396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.191.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059295/; classtype:trojan-activity;sid:83922395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059294)"; flow:established,from_client; content:"GET"; http_method; content:"/s/jvktcsf5ypoak5aucs6fn6noqgga/crowdstrikesupport/update.zip|3f|download=1"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"link.storjshare.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059294/; classtype:trojan-activity;sid:83922394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059293/; classtype:trojan-activity;sid:83922393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.241.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059292/; classtype:trojan-activity;sid:83922392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.212.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059290/; classtype:trojan-activity;sid:83922390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"159.242.36.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059291/; classtype:trojan-activity;sid:83922391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.173.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059289/; classtype:trojan-activity;sid:83922389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.254.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059288/; classtype:trojan-activity;sid:83922388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059287/; classtype:trojan-activity;sid:83922387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059285/; classtype:trojan-activity;sid:83922385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059286/; classtype:trojan-activity;sid:83922386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.178.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059284/; classtype:trojan-activity;sid:83922384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.170.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059283/; classtype:trojan-activity;sid:83922383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.137.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059280/; classtype:trojan-activity;sid:83922380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.85.167.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059281/; classtype:trojan-activity;sid:83922381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059282/; classtype:trojan-activity;sid:83922382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059279/; classtype:trojan-activity;sid:83922379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.87.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059278/; classtype:trojan-activity;sid:83922378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059277/; classtype:trojan-activity;sid:83922377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.191.82.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059276/; classtype:trojan-activity;sid:83922376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.140.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059275/; classtype:trojan-activity;sid:83922375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.168.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059274/; classtype:trojan-activity;sid:83922374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.170.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059273/; classtype:trojan-activity;sid:83922373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059272)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.139.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059272/; classtype:trojan-activity;sid:83922372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.199.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059271/; classtype:trojan-activity;sid:83922371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.195.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059270/; classtype:trojan-activity;sid:83922370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.214.34.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059269/; classtype:trojan-activity;sid:83922369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059268/; classtype:trojan-activity;sid:83922368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.208.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059267/; classtype:trojan-activity;sid:83922367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.248.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059266/; classtype:trojan-activity;sid:83922366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.248.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059265/; classtype:trojan-activity;sid:83922365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.41.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059264/; classtype:trojan-activity;sid:83922364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.101.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059263/; classtype:trojan-activity;sid:83922363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.134.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059262/; classtype:trojan-activity;sid:83922362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.126.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059261/; classtype:trojan-activity;sid:83922361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.242.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059260/; classtype:trojan-activity;sid:83922360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.7.144"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059259/; classtype:trojan-activity;sid:83922359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059258/; classtype:trojan-activity;sid:83922358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059256/; classtype:trojan-activity;sid:83922356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.50.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059257/; classtype:trojan-activity;sid:83922357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.42.49.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059255/; classtype:trojan-activity;sid:83922355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.223.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059254/; classtype:trojan-activity;sid:83922354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.213.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059253/; classtype:trojan-activity;sid:83922353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.173.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059252/; classtype:trojan-activity;sid:83922352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.223.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059251/; classtype:trojan-activity;sid:83922351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.133.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059250/; classtype:trojan-activity;sid:83922350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.55.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059249/; classtype:trojan-activity;sid:83922349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059246/; classtype:trojan-activity;sid:83922346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.94.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059247/; classtype:trojan-activity;sid:83922347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.232.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059248/; classtype:trojan-activity;sid:83922348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059245/; classtype:trojan-activity;sid:83922345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.95.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059244/; classtype:trojan-activity;sid:83922344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.140.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059243/; classtype:trojan-activity;sid:83922343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.148.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059242/; classtype:trojan-activity;sid:83922342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.168.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059241/; classtype:trojan-activity;sid:83922341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.215.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059240/; classtype:trojan-activity;sid:83922340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.170.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059239/; classtype:trojan-activity;sid:83922339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.199.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059238/; classtype:trojan-activity;sid:83922338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.189.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059237/; classtype:trojan-activity;sid:83922337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059236/; classtype:trojan-activity;sid:83922336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.20.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059235/; classtype:trojan-activity;sid:83922335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.34.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059234/; classtype:trojan-activity;sid:83922334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.208.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059233/; classtype:trojan-activity;sid:83922333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.239.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059232/; classtype:trojan-activity;sid:83922332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059231/; classtype:trojan-activity;sid:83922331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.150.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059228/; classtype:trojan-activity;sid:83922328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.127.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059229/; classtype:trojan-activity;sid:83922329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.227.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059230/; classtype:trojan-activity;sid:83922330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.134.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059227/; classtype:trojan-activity;sid:83922327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.255.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059226/; classtype:trojan-activity;sid:83922326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.17.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059225/; classtype:trojan-activity;sid:83922325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059224/; classtype:trojan-activity;sid:83922324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.128.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059222/; classtype:trojan-activity;sid:83922322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.253.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059223/; classtype:trojan-activity;sid:83922323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.7.144"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059221/; classtype:trojan-activity;sid:83922321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059220/; classtype:trojan-activity;sid:83922320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.249.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059217/; classtype:trojan-activity;sid:83922317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.213.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059218/; classtype:trojan-activity;sid:83922318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059219/; classtype:trojan-activity;sid:83922319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.4.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059216/; classtype:trojan-activity;sid:83922316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.243.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059215/; classtype:trojan-activity;sid:83922315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.212.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059214/; classtype:trojan-activity;sid:83922314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.95.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059213/; classtype:trojan-activity;sid:83922313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059212/; classtype:trojan-activity;sid:83922312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.201.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059211/; classtype:trojan-activity;sid:83922311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.189.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059210/; classtype:trojan-activity;sid:83922310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.206.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059209/; classtype:trojan-activity;sid:83922309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.17.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059208/; classtype:trojan-activity;sid:83922308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.228.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059206/; classtype:trojan-activity;sid:83922306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.1.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059207/; classtype:trojan-activity;sid:83922307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059205/; classtype:trojan-activity;sid:83922305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.220.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059204/; classtype:trojan-activity;sid:83922304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059203/; classtype:trojan-activity;sid:83922303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059202/; classtype:trojan-activity;sid:83922302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.243.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059201/; classtype:trojan-activity;sid:83922301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.9.224"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059200/; classtype:trojan-activity;sid:83922300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.70.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059199/; classtype:trojan-activity;sid:83922299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059198/; classtype:trojan-activity;sid:83922298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059196/; classtype:trojan-activity;sid:83922296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.233.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059197/; classtype:trojan-activity;sid:83922297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.190.227.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059195/; classtype:trojan-activity;sid:83922295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059194/; classtype:trojan-activity;sid:83922294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.238.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059193/; classtype:trojan-activity;sid:83922293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.211"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059192/; classtype:trojan-activity;sid:83922292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.206.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059191/; classtype:trojan-activity;sid:83922291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.189.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059190/; classtype:trojan-activity;sid:83922290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.27.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059188/; classtype:trojan-activity;sid:83922288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.87.125"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059189/; classtype:trojan-activity;sid:83922289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.1.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059187/; classtype:trojan-activity;sid:83922287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.34.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059186/; classtype:trojan-activity;sid:83922286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059185/; classtype:trojan-activity;sid:83922285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059184/; classtype:trojan-activity;sid:83922284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.233.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059182/; classtype:trojan-activity;sid:83922282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.122.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059183/; classtype:trojan-activity;sid:83922283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.159.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059181/; classtype:trojan-activity;sid:83922281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.133.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059178/; classtype:trojan-activity;sid:83922278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.164.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059179/; classtype:trojan-activity;sid:83922279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059180/; classtype:trojan-activity;sid:83922280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.166.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059177/; classtype:trojan-activity;sid:83922277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.184.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059176/; classtype:trojan-activity;sid:83922276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059175/; classtype:trojan-activity;sid:83922275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.96.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059174/; classtype:trojan-activity;sid:83922274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.150.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059173/; classtype:trojan-activity;sid:83922273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.91.151"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059172/; classtype:trojan-activity;sid:83922272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.8.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059171/; classtype:trojan-activity;sid:83922271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059170/; classtype:trojan-activity;sid:83922270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.38.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059168/; classtype:trojan-activity;sid:83922268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.22.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059169/; classtype:trojan-activity;sid:83922269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.138.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059167/; classtype:trojan-activity;sid:83922267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.248.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059165/; classtype:trojan-activity;sid:83922265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.81.87.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059166/; classtype:trojan-activity;sid:83922266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.76.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059164/; classtype:trojan-activity;sid:83922264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059163/; classtype:trojan-activity;sid:83922263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059162/; classtype:trojan-activity;sid:83922262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.205.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059161/; classtype:trojan-activity;sid:83922261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.220.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059160/; classtype:trojan-activity;sid:83922260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059159/; classtype:trojan-activity;sid:83922259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.27.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059158/; classtype:trojan-activity;sid:83922258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059156/; classtype:trojan-activity;sid:83922256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.35.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059157/; classtype:trojan-activity;sid:83922257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.184.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059155/; classtype:trojan-activity;sid:83922255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.58.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059154/; classtype:trojan-activity;sid:83922254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.76.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059152/; classtype:trojan-activity;sid:83922252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059153/; classtype:trojan-activity;sid:83922253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.253.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059151/; classtype:trojan-activity;sid:83922251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.152.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059150/; classtype:trojan-activity;sid:83922250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.113.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059148/; classtype:trojan-activity;sid:83922248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059149/; classtype:trojan-activity;sid:83922249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.159.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059147/; classtype:trojan-activity;sid:83922247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.95.161.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059146/; classtype:trojan-activity;sid:83922246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.127.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059145/; classtype:trojan-activity;sid:83922245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059144/; classtype:trojan-activity;sid:83922244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.91.151"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059143/; classtype:trojan-activity;sid:83922243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.150.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059142/; classtype:trojan-activity;sid:83922242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.243.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059141/; classtype:trojan-activity;sid:83922241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.215.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059140/; classtype:trojan-activity;sid:83922240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059139/; classtype:trojan-activity;sid:83922239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.237.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059138/; classtype:trojan-activity;sid:83922238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059137/; classtype:trojan-activity;sid:83922237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059136/; classtype:trojan-activity;sid:83922236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.193.204.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059135/; classtype:trojan-activity;sid:83922235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.220.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059134/; classtype:trojan-activity;sid:83922234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.35.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059133/; classtype:trojan-activity;sid:83922233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.95.161.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059132/; classtype:trojan-activity;sid:83922232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.88.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059131/; classtype:trojan-activity;sid:83922231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.242.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059130/; classtype:trojan-activity;sid:83922230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.25.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059129/; classtype:trojan-activity;sid:83922229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.132.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059127/; classtype:trojan-activity;sid:83922227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.136.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059128/; classtype:trojan-activity;sid:83922228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.237.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059126/; classtype:trojan-activity;sid:83922226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.84.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059125/; classtype:trojan-activity;sid:83922225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059124/; classtype:trojan-activity;sid:83922224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.80.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059123/; classtype:trojan-activity;sid:83922223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.53.105.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059122/; classtype:trojan-activity;sid:83922222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.102.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059121/; classtype:trojan-activity;sid:83922221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.50.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059119/; classtype:trojan-activity;sid:83922219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059120/; classtype:trojan-activity;sid:83922220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.237.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059118/; classtype:trojan-activity;sid:83922218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.152.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059117/; classtype:trojan-activity;sid:83922217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.223.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059116/; classtype:trojan-activity;sid:83922216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059115)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678937609|3f|hash=3yhnghvzrddzyoqsvaxxyfzhwsb6ruuwyx6eyobeu0d|7c|26|7c|dl=yptbxnwute8bqa10ik7fq4umiohuorbsrb9ywwljbel|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059115/; classtype:trojan-activity;sid:83922215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.218.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059114/; classtype:trojan-activity;sid:83922214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.164.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059113/; classtype:trojan-activity;sid:83922213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.23.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059112/; classtype:trojan-activity;sid:83922212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.88.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059111/; classtype:trojan-activity;sid:83922211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.68.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059110/; classtype:trojan-activity;sid:83922210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.88.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059109/; classtype:trojan-activity;sid:83922209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.28.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059107/; classtype:trojan-activity;sid:83922207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059108/; classtype:trojan-activity;sid:83922208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.17.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059106/; classtype:trojan-activity;sid:83922206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.199.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059104/; classtype:trojan-activity;sid:83922204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.219.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059105/; classtype:trojan-activity;sid:83922205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059103/; classtype:trojan-activity;sid:83922203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.83.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059102/; classtype:trojan-activity;sid:83922202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059101/; classtype:trojan-activity;sid:83922201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.80.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059100/; classtype:trojan-activity;sid:83922200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059099)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678935493|3f|hash=m40cbogspsxyng25ip4pwfzloyeevg7i5vfevvitha4|7c|26|7c|dl=aat0xjxmpuxsdrvebdi8wvu8zzhf0qqqgiaxqarrdvk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059099/; classtype:trojan-activity;sid:83922199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059098/; classtype:trojan-activity;sid:83922198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059097/; classtype:trojan-activity;sid:83922197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059095)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059095/; classtype:trojan-activity;sid:83922195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059096/; classtype:trojan-activity;sid:83922196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059088/; classtype:trojan-activity;sid:83922188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059089)"; flow:established,from_client; content:"GET"; http_method; content:"/hoho.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059089/; classtype:trojan-activity;sid:83922189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059090/; classtype:trojan-activity;sid:83922190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059091)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059091/; classtype:trojan-activity;sid:83922191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.i486"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059092/; classtype:trojan-activity;sid:83922192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059093)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059093/; classtype:trojan-activity;sid:83922193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.246.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059094/; classtype:trojan-activity;sid:83922194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.241.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059082/; classtype:trojan-activity;sid:83922182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.241.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059083/; classtype:trojan-activity;sid:83922183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.241.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059084/; classtype:trojan-activity;sid:83922184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.241.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059085/; classtype:trojan-activity;sid:83922185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.241.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059086/; classtype:trojan-activity;sid:83922186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.241.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059087/; classtype:trojan-activity;sid:83922187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.241.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059081/; classtype:trojan-activity;sid:83922181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.152.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059080/; classtype:trojan-activity;sid:83922180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059078/; classtype:trojan-activity;sid:83922178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.223.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059079/; classtype:trojan-activity;sid:83922179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.204.126.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059077/; classtype:trojan-activity;sid:83922177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.212.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059076/; classtype:trojan-activity;sid:83922176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.138.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059075/; classtype:trojan-activity;sid:83922175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.194.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059073/; classtype:trojan-activity;sid:83922173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.223.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059074/; classtype:trojan-activity;sid:83922174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.157.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059072/; classtype:trojan-activity;sid:83922172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.18.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059071/; classtype:trojan-activity;sid:83922171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.172.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059070/; classtype:trojan-activity;sid:83922170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.28.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059069/; classtype:trojan-activity;sid:83922169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.172.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059068/; classtype:trojan-activity;sid:83922168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.125.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059067/; classtype:trojan-activity;sid:83922167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.156.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059065/; classtype:trojan-activity;sid:83922165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059066/; classtype:trojan-activity;sid:83922166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.142.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059064/; classtype:trojan-activity;sid:83922164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.83.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059063/; classtype:trojan-activity;sid:83922163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.140.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059062/; classtype:trojan-activity;sid:83922162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.48.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059061/; classtype:trojan-activity;sid:83922161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059060/; classtype:trojan-activity;sid:83922160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.225.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059059/; classtype:trojan-activity;sid:83922159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.138.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059058/; classtype:trojan-activity;sid:83922158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.187.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059057/; classtype:trojan-activity;sid:83922157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.142.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059056/; classtype:trojan-activity;sid:83922156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059054/; classtype:trojan-activity;sid:83922154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059055)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"eqht.award.vuheritagefoundation.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059055/; classtype:trojan-activity;sid:83922155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059049/; classtype:trojan-activity;sid:83922149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059050/; classtype:trojan-activity;sid:83922150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059051/; classtype:trojan-activity;sid:83922151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.33.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059052/; classtype:trojan-activity;sid:83922152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.212.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059053/; classtype:trojan-activity;sid:83922153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.204.126.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059048/; classtype:trojan-activity;sid:83922148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.127.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059047/; classtype:trojan-activity;sid:83922147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.194.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059045/; classtype:trojan-activity;sid:83922145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.5.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059046/; classtype:trojan-activity;sid:83922146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.200.105.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059044/; classtype:trojan-activity;sid:83922144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059042/; classtype:trojan-activity;sid:83922142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.225.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059043/; classtype:trojan-activity;sid:83922143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.21.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059041/; classtype:trojan-activity;sid:83922141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.142.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059040/; classtype:trojan-activity;sid:83922140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059039/; classtype:trojan-activity;sid:83922139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.33.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059037/; classtype:trojan-activity;sid:83922137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.156.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059038/; classtype:trojan-activity;sid:83922138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.199.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059036/; classtype:trojan-activity;sid:83922136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.220.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059034/; classtype:trojan-activity;sid:83922134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.93.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059035/; classtype:trojan-activity;sid:83922135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059032/; classtype:trojan-activity;sid:83922132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.155.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059033/; classtype:trojan-activity;sid:83922133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.48.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059031/; classtype:trojan-activity;sid:83922131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.91.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059030/; classtype:trojan-activity;sid:83922130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.138.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059029/; classtype:trojan-activity;sid:83922129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.142.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059028/; classtype:trojan-activity;sid:83922128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059027/; classtype:trojan-activity;sid:83922127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.239.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059026/; classtype:trojan-activity;sid:83922126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059025/; classtype:trojan-activity;sid:83922125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.127.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059024/; classtype:trojan-activity;sid:83922124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059022/; classtype:trojan-activity;sid:83922122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.194.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059023/; classtype:trojan-activity;sid:83922123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059021/; classtype:trojan-activity;sid:83922121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.168.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059020/; classtype:trojan-activity;sid:83922120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.5.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059019/; classtype:trojan-activity;sid:83922119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.61.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059018/; classtype:trojan-activity;sid:83922118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.12.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059017/; classtype:trojan-activity;sid:83922117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.221.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059016/; classtype:trojan-activity;sid:83922116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.184.183.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059015/; classtype:trojan-activity;sid:83922115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.21.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059014/; classtype:trojan-activity;sid:83922114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.155.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059013/; classtype:trojan-activity;sid:83922113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.249.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059012/; classtype:trojan-activity;sid:83922112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.219.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059011/; classtype:trojan-activity;sid:83922111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.247.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059010/; classtype:trojan-activity;sid:83922110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.201.146.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059008/; classtype:trojan-activity;sid:83922108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.12.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059009/; classtype:trojan-activity;sid:83922109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.37.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059007/; classtype:trojan-activity;sid:83922107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059006/; classtype:trojan-activity;sid:83922106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.4.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059005/; classtype:trojan-activity;sid:83922105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.208.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059004/; classtype:trojan-activity;sid:83922104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.59.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059002/; classtype:trojan-activity;sid:83922102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.175.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059003/; classtype:trojan-activity;sid:83922103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.82.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059001/; classtype:trojan-activity;sid:83922101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.14.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059000/; classtype:trojan-activity;sid:83922100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058999)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"3.106.41.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058999/; classtype:trojan-activity;sid:83922099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058998)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.227.190.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058998/; classtype:trojan-activity;sid:83922098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058997)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"45.153.231.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058997/; classtype:trojan-activity;sid:83922097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058996)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.194.154.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058996/; classtype:trojan-activity;sid:83922096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058993)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"104.194.154.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058993/; classtype:trojan-activity;sid:83922093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058994)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"104.194.154.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058994/; classtype:trojan-activity;sid:83922094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058995)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.194.154.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058995/; classtype:trojan-activity;sid:83922095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058990)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.194.154.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058990/; classtype:trojan-activity;sid:83922090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058991)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.194.154.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058991/; classtype:trojan-activity;sid:83922091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058992)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"104.194.154.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058992/; classtype:trojan-activity;sid:83922092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058987)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"45.153.231.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058987/; classtype:trojan-activity;sid:83922087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058988)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"193.29.104.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058988/; classtype:trojan-activity;sid:83922088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058989)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"193.56.255.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058989/; classtype:trojan-activity;sid:83922089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058982)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"37.120.247.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058982/; classtype:trojan-activity;sid:83922082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058983)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"193.56.255.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058983/; classtype:trojan-activity;sid:83922083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058984)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"193.56.255.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058984/; classtype:trojan-activity;sid:83922084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058985)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"37.120.247.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058985/; classtype:trojan-activity;sid:83922085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058986)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"193.56.255.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058986/; classtype:trojan-activity;sid:83922086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058979)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"193.56.255.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058979/; classtype:trojan-activity;sid:83922079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058980)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"193.56.255.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058980/; classtype:trojan-activity;sid:83922080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058981/; classtype:trojan-activity;sid:83922081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058975)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"45.153.231.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058975/; classtype:trojan-activity;sid:83922075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058976)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"193.29.104.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058976/; classtype:trojan-activity;sid:83922076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058977)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"45.153.231.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058977/; classtype:trojan-activity;sid:83922077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058978)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"45.153.231.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058978/; classtype:trojan-activity;sid:83922078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058973)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"45.153.231.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058973/; classtype:trojan-activity;sid:83922073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058974)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"45.153.231.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058974/; classtype:trojan-activity;sid:83922074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058969)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"37.120.247.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058969/; classtype:trojan-activity;sid:83922069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058970)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"193.29.104.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058970/; classtype:trojan-activity;sid:83922070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058971)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"193.56.255.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058971/; classtype:trojan-activity;sid:83922071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058972)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"193.29.104.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058972/; classtype:trojan-activity;sid:83922072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058968)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"37.120.247.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058968/; classtype:trojan-activity;sid:83922068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058966)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"193.29.104.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058966/; classtype:trojan-activity;sid:83922066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058967)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"37.120.247.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058967/; classtype:trojan-activity;sid:83922067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058965)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"37.120.247.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058965/; classtype:trojan-activity;sid:83922065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058964)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"37.120.247.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058964/; classtype:trojan-activity;sid:83922064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058962)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"193.29.104.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058962/; classtype:trojan-activity;sid:83922062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058963)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"193.29.104.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058963/; classtype:trojan-activity;sid:83922063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058961)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"147.45.44.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058961/; classtype:trojan-activity;sid:83922061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058955)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"147.45.44.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058955/; classtype:trojan-activity;sid:83922055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058956)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"147.45.44.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058956/; classtype:trojan-activity;sid:83922056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058957)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"147.45.44.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058957/; classtype:trojan-activity;sid:83922057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058958)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"147.45.44.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058958/; classtype:trojan-activity;sid:83922058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058959)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"147.45.44.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058959/; classtype:trojan-activity;sid:83922059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058960)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"147.45.44.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058960/; classtype:trojan-activity;sid:83922060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058951)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"77.91.77.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058951/; classtype:trojan-activity;sid:83922051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058952)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"77.91.77.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058952/; classtype:trojan-activity;sid:83922052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058953)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"77.91.77.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058953/; classtype:trojan-activity;sid:83922053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058954)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"77.91.77.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058954/; classtype:trojan-activity;sid:83922054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058943)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"85.28.47.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058943/; classtype:trojan-activity;sid:83922043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058944)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"85.28.47.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058944/; classtype:trojan-activity;sid:83922044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058945)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"85.28.47.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058945/; classtype:trojan-activity;sid:83922045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058946)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"85.28.47.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058946/; classtype:trojan-activity;sid:83922046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058947)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"77.91.77.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058947/; classtype:trojan-activity;sid:83922047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058948)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"85.28.47.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058948/; classtype:trojan-activity;sid:83922048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058949)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"77.91.77.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058949/; classtype:trojan-activity;sid:83922049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058950)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"77.91.77.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058950/; classtype:trojan-activity;sid:83922050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058941)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"85.28.47.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058941/; classtype:trojan-activity;sid:83922041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058942)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"85.28.47.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058942/; classtype:trojan-activity;sid:83922042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058940)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"192.121.23.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058940/; classtype:trojan-activity;sid:83922040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058938)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"192.121.23.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058938/; classtype:trojan-activity;sid:83922038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058939)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"134.209.88.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058939/; classtype:trojan-activity;sid:83922039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058930)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"134.209.88.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058930/; classtype:trojan-activity;sid:83922030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058931)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"192.121.23.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058931/; classtype:trojan-activity;sid:83922031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058932)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"192.121.23.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058932/; classtype:trojan-activity;sid:83922032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058933)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"134.209.88.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058933/; classtype:trojan-activity;sid:83922033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058934)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"192.121.23.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058934/; classtype:trojan-activity;sid:83922034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058935)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"134.209.88.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058935/; classtype:trojan-activity;sid:83922035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.221.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058936/; classtype:trojan-activity;sid:83922036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058937)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"134.209.88.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058937/; classtype:trojan-activity;sid:83922037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058926)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"192.121.23.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058926/; classtype:trojan-activity;sid:83922026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058927)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"134.209.88.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058927/; classtype:trojan-activity;sid:83922027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058928)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"134.209.88.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058928/; classtype:trojan-activity;sid:83922028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058929)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"192.121.23.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058929/; classtype:trojan-activity;sid:83922029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.248.102.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058925/; classtype:trojan-activity;sid:83922025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.157.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058924/; classtype:trojan-activity;sid:83922024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058920)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"86.106.119.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058920/; classtype:trojan-activity;sid:83922020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058921)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"86.106.119.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058921/; classtype:trojan-activity;sid:83922021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058922)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"89.147.111.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058922/; classtype:trojan-activity;sid:83922022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058923)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"89.147.111.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058923/; classtype:trojan-activity;sid:83922023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058916)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"89.147.111.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058916/; classtype:trojan-activity;sid:83922016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058917)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"89.147.111.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058917/; classtype:trojan-activity;sid:83922017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058918)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"86.106.119.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058918/; classtype:trojan-activity;sid:83922018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058919)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"89.147.111.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058919/; classtype:trojan-activity;sid:83922019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058913)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"89.147.111.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058913/; classtype:trojan-activity;sid:83922013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058914)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"86.106.119.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058914/; classtype:trojan-activity;sid:83922014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058915)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"89.147.111.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058915/; classtype:trojan-activity;sid:83922015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058911)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"86.106.119.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058911/; classtype:trojan-activity;sid:83922011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058912)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"86.106.119.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058912/; classtype:trojan-activity;sid:83922012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058910)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"86.106.119.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058910/; classtype:trojan-activity;sid:83922010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058903)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"77.91.77.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058903/; classtype:trojan-activity;sid:83922003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.195.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058904/; classtype:trojan-activity;sid:83922004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058905)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"77.91.77.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058905/; classtype:trojan-activity;sid:83922005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058906)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"77.91.77.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058906/; classtype:trojan-activity;sid:83922006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058907)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"77.91.77.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058907/; classtype:trojan-activity;sid:83922007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058908)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"77.91.77.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058908/; classtype:trojan-activity;sid:83922008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058909)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"77.91.77.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058909/; classtype:trojan-activity;sid:83922009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058902)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"77.91.77.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058902/; classtype:trojan-activity;sid:83922002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.42.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058901/; classtype:trojan-activity;sid:83922001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.49.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058900/; classtype:trojan-activity;sid:83922000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058899/; classtype:trojan-activity;sid:83921999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058898/; classtype:trojan-activity;sid:83921998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.187.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058897/; classtype:trojan-activity;sid:83921997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058896/; classtype:trojan-activity;sid:83921996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.46.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058895/; classtype:trojan-activity;sid:83921995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058894)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"147.45.44.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058894/; classtype:trojan-activity;sid:83921994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.84.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058887/; classtype:trojan-activity;sid:83921987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058888)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"147.45.44.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058888/; classtype:trojan-activity;sid:83921988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058889)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"147.45.44.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058889/; classtype:trojan-activity;sid:83921989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058890)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"147.45.44.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058890/; classtype:trojan-activity;sid:83921990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058891)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"147.45.44.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058891/; classtype:trojan-activity;sid:83921991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058892)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"147.45.44.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058892/; classtype:trojan-activity;sid:83921992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058893)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"147.45.44.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058893/; classtype:trojan-activity;sid:83921993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.34.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058886/; classtype:trojan-activity;sid:83921986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058885/; classtype:trojan-activity;sid:83921985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.208.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058884/; classtype:trojan-activity;sid:83921984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.78.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058883/; classtype:trojan-activity;sid:83921983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.175.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058882/; classtype:trojan-activity;sid:83921982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.233.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058881/; classtype:trojan-activity;sid:83921981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.42.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058880/; classtype:trojan-activity;sid:83921980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.14.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058879/; classtype:trojan-activity;sid:83921979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.22.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058878/; classtype:trojan-activity;sid:83921978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.13.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058876/; classtype:trojan-activity;sid:83921976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058877/; classtype:trojan-activity;sid:83921977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.11.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058873/; classtype:trojan-activity;sid:83921973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.241.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058874/; classtype:trojan-activity;sid:83921974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.212.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058875/; classtype:trojan-activity;sid:83921975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.110.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058872/; classtype:trojan-activity;sid:83921972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.107.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058870/; classtype:trojan-activity;sid:83921970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058871/; classtype:trojan-activity;sid:83921971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.205.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058869/; classtype:trojan-activity;sid:83921969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.195.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058868/; classtype:trojan-activity;sid:83921968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.111.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058867/; classtype:trojan-activity;sid:83921967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058866)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2023-36874.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058866/; classtype:trojan-activity;sid:83921966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058861)"; flow:established,from_client; content:"GET"; http_method; content:"/printnightmare"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058861/; classtype:trojan-activity;sid:83921961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058862)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058862/; classtype:trojan-activity;sid:83921962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058863)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058863/; classtype:trojan-activity;sid:83921963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058864)"; flow:established,from_client; content:"GET"; http_method; content:"/b64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058864/; classtype:trojan-activity;sid:83921964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.189.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058865/; classtype:trojan-activity;sid:83921965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.234.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058857/; classtype:trojan-activity;sid:83921957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058858)"; flow:established,from_client; content:"GET"; http_method; content:"/bp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058858/; classtype:trojan-activity;sid:83921958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058859)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058859/; classtype:trojan-activity;sid:83921959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058860)"; flow:established,from_client; content:"GET"; http_method; content:"/jp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058860/; classtype:trojan-activity;sid:83921960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058854)"; flow:established,from_client; content:"GET"; http_method; content:"/ncat.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"165.232.37.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058854/; classtype:trojan-activity;sid:83921954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.109.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058855/; classtype:trojan-activity;sid:83921955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.159.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058856/; classtype:trojan-activity;sid:83921956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058851)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058851/; classtype:trojan-activity;sid:83921951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058852)"; flow:established,from_client; content:"GET"; http_method; content:"/f.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058852/; classtype:trojan-activity;sid:83921952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058853)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058853/; classtype:trojan-activity;sid:83921953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058850)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058850/; classtype:trojan-activity;sid:83921950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058849)"; flow:established,from_client; content:"GET"; http_method; content:"/kubectl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058849/; classtype:trojan-activity;sid:83921949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058848)"; flow:established,from_client; content:"GET"; http_method; content:"/cdk_linux_amd64_upx"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058848/; classtype:trojan-activity;sid:83921948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058847)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058847/; classtype:trojan-activity;sid:83921947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058846)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x64_agent"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058846/; classtype:trojan-activity;sid:83921946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058844)"; flow:established,from_client; content:"GET"; http_method; content:"/c2-test"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058844/; classtype:trojan-activity;sid:83921944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058845)"; flow:established,from_client; content:"GET"; http_method; content:"/nohup.out"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058845/; classtype:trojan-activity;sid:83921945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058843)"; flow:established,from_client; content:"GET"; http_method; content:"/ubuntu.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058843/; classtype:trojan-activity;sid:83921943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058842/; classtype:trojan-activity;sid:83921942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058841)"; flow:established,from_client; content:"GET"; http_method; content:"/47167.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058841/; classtype:trojan-activity;sid:83921941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058834)"; flow:established,from_client; content:"GET"; http_method; content:"/47164.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058834/; classtype:trojan-activity;sid:83921934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058835)"; flow:established,from_client; content:"GET"; http_method; content:"/47165.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058835/; classtype:trojan-activity;sid:83921935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058836)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.c"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058836/; classtype:trojan-activity;sid:83921936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058837)"; flow:established,from_client; content:"GET"; http_method; content:"/50135.c"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058837/; classtype:trojan-activity;sid:83921937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058838)"; flow:established,from_client; content:"GET"; http_method; content:"/47166.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058838/; classtype:trojan-activity;sid:83921938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058839)"; flow:established,from_client; content:"GET"; http_method; content:"/47163.c"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058839/; classtype:trojan-activity;sid:83921939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058840)"; flow:established,from_client; content:"GET"; http_method; content:"/linux-exploit-suggester.sh"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058840/; classtype:trojan-activity;sid:83921940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058831)"; flow:established,from_client; content:"GET"; http_method; content:"/god.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058831/; classtype:trojan-activity;sid:83921931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058832)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_exploit_suggester.pl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058832/; classtype:trojan-activity;sid:83921932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058833)"; flow:established,from_client; content:"GET"; http_method; content:"/2.6.9"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058833/; classtype:trojan-activity;sid:83921933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058826)"; flow:established,from_client; content:"GET"; http_method; content:"/dirty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058826/; classtype:trojan-activity;sid:83921926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058827)"; flow:established,from_client; content:"GET"; http_method; content:"/dirtyc0w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058827/; classtype:trojan-activity;sid:83921927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058828)"; flow:established,from_client; content:"GET"; http_method; content:"/pwnkit"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058828/; classtype:trojan-activity;sid:83921928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058829)"; flow:established,from_client; content:"GET"; http_method; content:"/rev_50001.elf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058829/; classtype:trojan-activity;sid:83921929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058830)"; flow:established,from_client; content:"GET"; http_method; content:"/exp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"8.137.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058830/; classtype:trojan-activity;sid:83921930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058825)"; flow:established,from_client; content:"GET"; http_method; content:"/phpstudy_64.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058825/; classtype:trojan-activity;sid:83921925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058817)"; flow:established,from_client; content:"GET"; http_method; content:"/wap.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058817/; classtype:trojan-activity;sid:83921917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058818)"; flow:established,from_client; content:"GET"; http_method; content:"/wap2.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058818/; classtype:trojan-activity;sid:83921918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058819)"; flow:established,from_client; content:"GET"; http_method; content:"/1.py"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058819/; classtype:trojan-activity;sid:83921919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058820)"; flow:established,from_client; content:"GET"; http_method; content:"/dnmr1.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058820/; classtype:trojan-activity;sid:83921920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058821)"; flow:established,from_client; content:"GET"; http_method; content:"/40847.cpp"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058821/; classtype:trojan-activity;sid:83921921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058822)"; flow:established,from_client; content:"GET"; http_method; content:"/22.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058822/; classtype:trojan-activity;sid:83921922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058823)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058823/; classtype:trojan-activity;sid:83921923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058824)"; flow:established,from_client; content:"GET"; http_method; content:"/pw.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058824/; classtype:trojan-activity;sid:83921924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058805)"; flow:established,from_client; content:"GET"; http_method; content:"/linux-exploit-suggester.sh"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058805/; classtype:trojan-activity;sid:83921905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058806)"; flow:established,from_client; content:"GET"; http_method; content:"/ali_ps.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058806/; classtype:trojan-activity;sid:83921906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058807)"; flow:established,from_client; content:"GET"; http_method; content:"/paused.conf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058807/; classtype:trojan-activity;sid:83921907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058808)"; flow:established,from_client; content:"GET"; http_method; content:"/dirtyc0w.c"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058808/; classtype:trojan-activity;sid:83921908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058809)"; flow:established,from_client; content:"GET"; http_method; content:"/pa0.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058809/; classtype:trojan-activity;sid:83921909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058810)"; flow:established,from_client; content:"GET"; http_method; content:"/wso.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058810/; classtype:trojan-activity;sid:83921910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058811)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058811/; classtype:trojan-activity;sid:83921911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058812)"; flow:established,from_client; content:"GET"; http_method; content:"/6.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058812/; classtype:trojan-activity;sid:83921912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058813)"; flow:established,from_client; content:"GET"; http_method; content:"/wpeas.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058813/; classtype:trojan-activity;sid:83921913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058814)"; flow:established,from_client; content:"GET"; http_method; content:"/ppw.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058814/; classtype:trojan-activity;sid:83921914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058815)"; flow:established,from_client; content:"GET"; http_method; content:"/up/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058815/; classtype:trojan-activity;sid:83921915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058816)"; flow:established,from_client; content:"GET"; http_method; content:"/linpeas.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058816/; classtype:trojan-activity;sid:83921916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058792)"; flow:established,from_client; content:"GET"; http_method; content:"/wap.txt.css"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058792/; classtype:trojan-activity;sid:83921892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058793)"; flow:established,from_client; content:"GET"; http_method; content:"/smp.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058793/; classtype:trojan-activity;sid:83921893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058794)"; flow:established,from_client; content:"GET"; http_method; content:"/dog.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058794/; classtype:trojan-activity;sid:83921894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058795)"; flow:established,from_client; content:"GET"; http_method; content:"/wps.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058795/; classtype:trojan-activity;sid:83921895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058796)"; flow:established,from_client; content:"GET"; http_method; content:"/dcow"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058796/; classtype:trojan-activity;sid:83921896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058797)"; flow:established,from_client; content:"GET"; http_method; content:"/ofs"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058797/; classtype:trojan-activity;sid:83921897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058798)"; flow:established,from_client; content:"GET"; http_method; content:"/pwnkit"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058798/; classtype:trojan-activity;sid:83921898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058799)"; flow:established,from_client; content:"GET"; http_method; content:"/wpea.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058799/; classtype:trojan-activity;sid:83921899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058800)"; flow:established,from_client; content:"GET"; http_method; content:"/udf.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058800/; classtype:trojan-activity;sid:83921900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058801)"; flow:established,from_client; content:"GET"; http_method; content:"/lib_mysqludf_sys_64.so"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058801/; classtype:trojan-activity;sid:83921901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058802)"; flow:established,from_client; content:"GET"; http_method; content:"/mr1.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058802/; classtype:trojan-activity;sid:83921902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058803)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058803/; classtype:trojan-activity;sid:83921903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058804)"; flow:established,from_client; content:"GET"; http_method; content:"/ps.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058804/; classtype:trojan-activity;sid:83921904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058790)"; flow:established,from_client; content:"GET"; http_method; content:"/phpinfo.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058790/; classtype:trojan-activity;sid:83921890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058791)"; flow:established,from_client; content:"GET"; http_method; content:"/inc.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.228.129.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058791/; classtype:trojan-activity;sid:83921891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.78.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058789/; classtype:trojan-activity;sid:83921889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.84.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058785/; classtype:trojan-activity;sid:83921885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.1.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058786/; classtype:trojan-activity;sid:83921886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.139.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058787/; classtype:trojan-activity;sid:83921887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058788/; classtype:trojan-activity;sid:83921888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.85.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058784/; classtype:trojan-activity;sid:83921884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.91.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058783/; classtype:trojan-activity;sid:83921883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058782/; classtype:trojan-activity;sid:83921882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058781/; classtype:trojan-activity;sid:83921881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.186.178.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058780/; classtype:trojan-activity;sid:83921880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058779/; classtype:trojan-activity;sid:83921879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.13.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058778/; classtype:trojan-activity;sid:83921878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.101.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058777/; classtype:trojan-activity;sid:83921877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.164.201.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058776/; classtype:trojan-activity;sid:83921876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.188.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058774/; classtype:trojan-activity;sid:83921874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058775)"; flow:established,from_client; content:"GET"; http_method; content:"/657/winiti.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.4.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058775/; classtype:trojan-activity;sid:83921875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058773/; classtype:trojan-activity;sid:83921873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058772/; classtype:trojan-activity;sid:83921872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.111.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058771/; classtype:trojan-activity;sid:83921871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.105.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058770/; classtype:trojan-activity;sid:83921870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.63.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058769/; classtype:trojan-activity;sid:83921869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.205.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058768/; classtype:trojan-activity;sid:83921868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058767/; classtype:trojan-activity;sid:83921867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.235.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058766/; classtype:trojan-activity;sid:83921866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.181.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058765/; classtype:trojan-activity;sid:83921865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.61.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058764/; classtype:trojan-activity;sid:83921864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058761/; classtype:trojan-activity;sid:83921861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.89.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058762/; classtype:trojan-activity;sid:83921862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.62.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058763/; classtype:trojan-activity;sid:83921863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058759/; classtype:trojan-activity;sid:83921859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058760/; classtype:trojan-activity;sid:83921860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.234.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058757/; classtype:trojan-activity;sid:83921857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.112.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058758/; classtype:trojan-activity;sid:83921858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.167.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058755/; classtype:trojan-activity;sid:83921855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.182.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058756/; classtype:trojan-activity;sid:83921856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.107.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058754/; classtype:trojan-activity;sid:83921854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.3.27.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058751/; classtype:trojan-activity;sid:83921851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.159.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058752/; classtype:trojan-activity;sid:83921852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.234.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058753/; classtype:trojan-activity;sid:83921853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.94.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058750/; classtype:trojan-activity;sid:83921850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.209.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058749/; classtype:trojan-activity;sid:83921849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.12.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058748/; classtype:trojan-activity;sid:83921848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.240.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058746/; classtype:trojan-activity;sid:83921846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.0.92"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058747/; classtype:trojan-activity;sid:83921847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.3.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058745/; classtype:trojan-activity;sid:83921845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.63.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058743/; classtype:trojan-activity;sid:83921843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.85.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058744/; classtype:trojan-activity;sid:83921844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.186.178.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058742/; classtype:trojan-activity;sid:83921842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058740/; classtype:trojan-activity;sid:83921840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.105.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058741/; classtype:trojan-activity;sid:83921841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.85.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058739/; classtype:trojan-activity;sid:83921839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.233.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058735/; classtype:trojan-activity;sid:83921835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.247.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058734/; classtype:trojan-activity;sid:83921834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.26.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058732/; classtype:trojan-activity;sid:83921832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.164.201.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058733/; classtype:trojan-activity;sid:83921833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.80.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058731/; classtype:trojan-activity;sid:83921831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.6.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058730/; classtype:trojan-activity;sid:83921830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.198.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058729/; classtype:trojan-activity;sid:83921829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.155.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058727/; classtype:trojan-activity;sid:83921827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.194.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058728/; classtype:trojan-activity;sid:83921828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.3.27.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058726/; classtype:trojan-activity;sid:83921826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.149.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058725/; classtype:trojan-activity;sid:83921825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058723/; classtype:trojan-activity;sid:83921823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.28.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058724/; classtype:trojan-activity;sid:83921824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058722/; classtype:trojan-activity;sid:83921822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.44.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058721/; classtype:trojan-activity;sid:83921821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.66.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058720/; classtype:trojan-activity;sid:83921820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.212.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058718/; classtype:trojan-activity;sid:83921818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.7.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058719/; classtype:trojan-activity;sid:83921819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.109.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058717/; classtype:trojan-activity;sid:83921817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058716/; classtype:trojan-activity;sid:83921816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058715/; classtype:trojan-activity;sid:83921815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.12.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058714/; classtype:trojan-activity;sid:83921814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.62.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058713/; classtype:trojan-activity;sid:83921813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.141.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058711/; classtype:trojan-activity;sid:83921811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.7.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058712/; classtype:trojan-activity;sid:83921812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.90.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058710/; classtype:trojan-activity;sid:83921810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.220.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058709/; classtype:trojan-activity;sid:83921809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.222.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058708/; classtype:trojan-activity;sid:83921808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.251.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058707/; classtype:trojan-activity;sid:83921807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.89.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058706/; classtype:trojan-activity;sid:83921806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058705/; classtype:trojan-activity;sid:83921805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.85.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058704/; classtype:trojan-activity;sid:83921804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.190.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058703/; classtype:trojan-activity;sid:83921803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058702/; classtype:trojan-activity;sid:83921802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.192.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058701/; classtype:trojan-activity;sid:83921801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058700/; classtype:trojan-activity;sid:83921800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058699/; classtype:trojan-activity;sid:83921799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.162.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058698/; classtype:trojan-activity;sid:83921798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.139.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058697/; classtype:trojan-activity;sid:83921797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.194.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058696/; classtype:trojan-activity;sid:83921796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.155.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058695/; classtype:trojan-activity;sid:83921795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.7.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058694/; classtype:trojan-activity;sid:83921794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.175.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058693/; classtype:trojan-activity;sid:83921793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.212.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058692/; classtype:trojan-activity;sid:83921792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.185.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058690/; classtype:trojan-activity;sid:83921790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.243.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058691/; classtype:trojan-activity;sid:83921791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.227.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058689/; classtype:trojan-activity;sid:83921789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.44.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058688/; classtype:trojan-activity;sid:83921788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.66.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058687/; classtype:trojan-activity;sid:83921787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.85.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058686/; classtype:trojan-activity;sid:83921786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.47.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058685/; classtype:trojan-activity;sid:83921785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058684/; classtype:trojan-activity;sid:83921784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.167.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058683/; classtype:trojan-activity;sid:83921783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.62.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058682/; classtype:trojan-activity;sid:83921782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.7.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058681/; classtype:trojan-activity;sid:83921781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.134.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058680/; classtype:trojan-activity;sid:83921780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.243.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058679/; classtype:trojan-activity;sid:83921779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.15.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058677/; classtype:trojan-activity;sid:83921777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.16.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058678/; classtype:trojan-activity;sid:83921778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.24.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058676/; classtype:trojan-activity;sid:83921776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.192.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058675/; classtype:trojan-activity;sid:83921775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.27.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058674/; classtype:trojan-activity;sid:83921774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.118.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058673/; classtype:trojan-activity;sid:83921773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.85.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058672/; classtype:trojan-activity;sid:83921772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.152.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058671/; classtype:trojan-activity;sid:83921771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.78.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058670/; classtype:trojan-activity;sid:83921770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.95.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058668/; classtype:trojan-activity;sid:83921768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.214.34.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058669/; classtype:trojan-activity;sid:83921769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.169.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058667/; classtype:trojan-activity;sid:83921767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.223.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058666/; classtype:trojan-activity;sid:83921766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.116.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058665/; classtype:trojan-activity;sid:83921765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.182.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058664/; classtype:trojan-activity;sid:83921764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.136.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058663/; classtype:trojan-activity;sid:83921763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.17.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058662/; classtype:trojan-activity;sid:83921762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058661/; classtype:trojan-activity;sid:83921761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058660/; classtype:trojan-activity;sid:83921760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.162.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058659/; classtype:trojan-activity;sid:83921759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.177.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058658/; classtype:trojan-activity;sid:83921758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.145.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058657/; classtype:trojan-activity;sid:83921757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.16.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058655/; classtype:trojan-activity;sid:83921755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.24.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058656/; classtype:trojan-activity;sid:83921756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058654/; classtype:trojan-activity;sid:83921754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058653/; classtype:trojan-activity;sid:83921753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058652/; classtype:trojan-activity;sid:83921752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058651/; classtype:trojan-activity;sid:83921751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.129.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058650/; classtype:trojan-activity;sid:83921750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.126.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058649/; classtype:trojan-activity;sid:83921749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.208.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058648/; classtype:trojan-activity;sid:83921748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058647/; classtype:trojan-activity;sid:83921747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.60.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058646/; classtype:trojan-activity;sid:83921746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058645/; classtype:trojan-activity;sid:83921745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058644/; classtype:trojan-activity;sid:83921744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.229.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058642/; classtype:trojan-activity;sid:83921742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.223.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058643/; classtype:trojan-activity;sid:83921743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.110.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058641/; classtype:trojan-activity;sid:83921741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.222.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058640/; classtype:trojan-activity;sid:83921740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.17.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058635/; classtype:trojan-activity;sid:83921735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.136.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058636/; classtype:trojan-activity;sid:83921736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.84.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058637/; classtype:trojan-activity;sid:83921737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.152.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058638/; classtype:trojan-activity;sid:83921738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.168.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058639/; classtype:trojan-activity;sid:83921739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.155.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058633/; classtype:trojan-activity;sid:83921733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058634/; classtype:trojan-activity;sid:83921734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058632)"; flow:established,from_client; content:"GET"; http_method; content:"/download/multibit-0.19.0-win64-setup.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"multibitpay.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058632/; classtype:trojan-activity;sid:83921732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058631)"; flow:established,from_client; content:"GET"; http_method; content:"/download/multibit-0.19.0-win64-setup.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"37.120.238.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058631/; classtype:trojan-activity;sid:83921731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.222.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058630/; classtype:trojan-activity;sid:83921730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058628/; classtype:trojan-activity;sid:83921728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.235.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058629/; classtype:trojan-activity;sid:83921729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.244.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058627/; classtype:trojan-activity;sid:83921727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058626/; classtype:trojan-activity;sid:83921726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.168.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058625/; classtype:trojan-activity;sid:83921725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.207.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058624/; classtype:trojan-activity;sid:83921724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058623)"; flow:established,from_client; content:"GET"; http_method; content:"/archsirsuppoat/sp.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"imgbb.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058623/; classtype:trojan-activity;sid:83921723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058622)"; flow:established,from_client; content:"GET"; http_method; content:"/screenshot.jpeg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"imgbb.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058622/; classtype:trojan-activity;sid:83921722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058621)"; flow:established,from_client; content:"GET"; http_method; content:"/archsirsuppoat/arch.ps1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"imgbb.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058621/; classtype:trojan-activity;sid:83921721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058620)"; flow:established,from_client; content:"GET"; http_method; content:"/arch.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"imgbb.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058620/; classtype:trojan-activity;sid:83921720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058618)"; flow:established,from_client; content:"GET"; http_method; content:"/archsirsuppoat/anyclesk.ps1"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"imgbb.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058618/; classtype:trojan-activity;sid:83921718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058619)"; flow:established,from_client; content:"GET"; http_method; content:"/attack.jpeg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"imgbb.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058619/; classtype:trojan-activity;sid:83921719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058617)"; flow:established,from_client; content:"GET"; http_method; content:"/archcwload/archcw.ps1"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"imgbb.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058617/; classtype:trojan-activity;sid:83921717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058616)"; flow:established,from_client; content:"GET"; http_method; content:"/archcwload/archcwbat.ps1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"imgbb.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058616/; classtype:trojan-activity;sid:83921716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058615)"; flow:established,from_client; content:"GET"; http_method; content:"/systray.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"imgbb.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058615/; classtype:trojan-activity;sid:83921715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.168.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058614/; classtype:trojan-activity;sid:83921714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.151.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058613/; classtype:trojan-activity;sid:83921713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.173.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058612/; classtype:trojan-activity;sid:83921712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.208.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058611/; classtype:trojan-activity;sid:83921711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058609/; classtype:trojan-activity;sid:83921709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.29.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058610/; classtype:trojan-activity;sid:83921710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058608/; classtype:trojan-activity;sid:83921708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058607/; classtype:trojan-activity;sid:83921707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.45.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058606/; classtype:trojan-activity;sid:83921706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.37.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058605/; classtype:trojan-activity;sid:83921705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058603/; classtype:trojan-activity;sid:83921703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.46.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058604/; classtype:trojan-activity;sid:83921704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.12.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058602/; classtype:trojan-activity;sid:83921702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.84.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058601/; classtype:trojan-activity;sid:83921701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.67.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058600/; classtype:trojan-activity;sid:83921700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058598/; classtype:trojan-activity;sid:83921698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.224.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058599/; classtype:trojan-activity;sid:83921699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.110.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058597/; classtype:trojan-activity;sid:83921697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.225.55.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058596/; classtype:trojan-activity;sid:83921696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.155.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058594/; classtype:trojan-activity;sid:83921694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.66.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058595/; classtype:trojan-activity;sid:83921695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.145.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058593/; classtype:trojan-activity;sid:83921693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.56.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058592/; classtype:trojan-activity;sid:83921692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058591/; classtype:trojan-activity;sid:83921691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.187.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058590/; classtype:trojan-activity;sid:83921690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.234.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058589/; classtype:trojan-activity;sid:83921689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.94.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058588/; classtype:trojan-activity;sid:83921688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.115.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058587/; classtype:trojan-activity;sid:83921687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058586/; classtype:trojan-activity;sid:83921686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.65.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058585/; classtype:trojan-activity;sid:83921685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.173.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058584/; classtype:trojan-activity;sid:83921684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058582/; classtype:trojan-activity;sid:83921682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058583/; classtype:trojan-activity;sid:83921683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058581)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058581/; classtype:trojan-activity;sid:83921681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.77.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058580/; classtype:trojan-activity;sid:83921680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.168.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058579/; classtype:trojan-activity;sid:83921679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058578/; classtype:trojan-activity;sid:83921678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058566)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058566/; classtype:trojan-activity;sid:83921666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058568)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058568/; classtype:trojan-activity;sid:83921668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058569)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058569/; classtype:trojan-activity;sid:83921669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058570)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058570/; classtype:trojan-activity;sid:83921670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058571)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058571/; classtype:trojan-activity;sid:83921671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058572)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058572/; classtype:trojan-activity;sid:83921672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058573)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058573/; classtype:trojan-activity;sid:83921673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058574)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058574/; classtype:trojan-activity;sid:83921674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058575)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058575/; classtype:trojan-activity;sid:83921675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058576)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058576/; classtype:trojan-activity;sid:83921676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058577)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058577/; classtype:trojan-activity;sid:83921677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058549)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058549/; classtype:trojan-activity;sid:83921649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058553)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058553/; classtype:trojan-activity;sid:83921653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058559)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058559/; classtype:trojan-activity;sid:83921659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058560/; classtype:trojan-activity;sid:83921660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058562)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058562/; classtype:trojan-activity;sid:83921662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058536)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058536/; classtype:trojan-activity;sid:83921636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058539)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058539/; classtype:trojan-activity;sid:83921639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058544)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058544/; classtype:trojan-activity;sid:83921644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058547)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058547/; classtype:trojan-activity;sid:83921647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058530)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058530/; classtype:trojan-activity;sid:83921630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058533)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058533/; classtype:trojan-activity;sid:83921633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058534)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058534/; classtype:trojan-activity;sid:83921634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058510)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058510/; classtype:trojan-activity;sid:83921610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058514/; classtype:trojan-activity;sid:83921614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058521)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058521/; classtype:trojan-activity;sid:83921621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058497)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058497/; classtype:trojan-activity;sid:83921597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058498)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058498/; classtype:trojan-activity;sid:83921598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058503)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058503/; classtype:trojan-activity;sid:83921603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058504)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058504/; classtype:trojan-activity;sid:83921604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058506)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058506/; classtype:trojan-activity;sid:83921606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058507)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058507/; classtype:trojan-activity;sid:83921607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058481)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058481/; classtype:trojan-activity;sid:83921581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058484)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058484/; classtype:trojan-activity;sid:83921584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058492)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058492/; classtype:trojan-activity;sid:83921592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058495)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058495/; classtype:trojan-activity;sid:83921595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058472)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058472/; classtype:trojan-activity;sid:83921572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058476)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058476/; classtype:trojan-activity;sid:83921576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058477)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058477/; classtype:trojan-activity;sid:83921577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058455)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058455/; classtype:trojan-activity;sid:83921555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058462)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058462/; classtype:trojan-activity;sid:83921562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058464)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058464/; classtype:trojan-activity;sid:83921564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058469)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058469/; classtype:trojan-activity;sid:83921569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058470)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058470/; classtype:trojan-activity;sid:83921570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058452)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058452/; classtype:trojan-activity;sid:83921552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058434)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058434/; classtype:trojan-activity;sid:83921534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058435)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058435/; classtype:trojan-activity;sid:83921535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058436)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058436/; classtype:trojan-activity;sid:83921536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058440)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058440/; classtype:trojan-activity;sid:83921540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058441)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058441/; classtype:trojan-activity;sid:83921541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058447)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058447/; classtype:trojan-activity;sid:83921547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058448)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058448/; classtype:trojan-activity;sid:83921548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058423)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058423/; classtype:trojan-activity;sid:83921523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058424/; classtype:trojan-activity;sid:83921524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058426)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058426/; classtype:trojan-activity;sid:83921526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058403)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058403/; classtype:trojan-activity;sid:83921503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058406)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058406/; classtype:trojan-activity;sid:83921506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058412)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058412/; classtype:trojan-activity;sid:83921512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058413)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058413/; classtype:trojan-activity;sid:83921513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058414)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058414/; classtype:trojan-activity;sid:83921514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058419)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058419/; classtype:trojan-activity;sid:83921519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058401)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058401/; classtype:trojan-activity;sid:83921501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058384)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058384/; classtype:trojan-activity;sid:83921484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058366)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058366/; classtype:trojan-activity;sid:83921466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058367)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058367/; classtype:trojan-activity;sid:83921467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058368)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058368/; classtype:trojan-activity;sid:83921468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058371)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058371/; classtype:trojan-activity;sid:83921471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058374)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058374/; classtype:trojan-activity;sid:83921474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns1.tiktekmarketing.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058377/; classtype:trojan-activity;sid:83921477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058343)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058343/; classtype:trojan-activity;sid:83921443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058344)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058344/; classtype:trojan-activity;sid:83921444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058347)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058347/; classtype:trojan-activity;sid:83921447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058351)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058351/; classtype:trojan-activity;sid:83921451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058353)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058353/; classtype:trojan-activity;sid:83921453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058358)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058358/; classtype:trojan-activity;sid:83921458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058360)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.bsa.bsafesafety.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058360/; classtype:trojan-activity;sid:83921460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058361)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns1.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058361/; classtype:trojan-activity;sid:83921461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bsa.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058364/; classtype:trojan-activity;sid:83921464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058365)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mail.bsa.bsafesafety.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058365/; classtype:trojan-activity;sid:83921465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058305/; classtype:trojan-activity;sid:83921405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.45.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058304/; classtype:trojan-activity;sid:83921404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058303/; classtype:trojan-activity;sid:83921403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.66.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058302/; classtype:trojan-activity;sid:83921402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058300)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058300/; classtype:trojan-activity;sid:83921400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.77.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058301/; classtype:trojan-activity;sid:83921401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058299/; classtype:trojan-activity;sid:83921399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.99.97.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058298/; classtype:trojan-activity;sid:83921398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058297/; classtype:trojan-activity;sid:83921397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.74.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058295/; classtype:trojan-activity;sid:83921395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.24.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058296/; classtype:trojan-activity;sid:83921396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.26.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058294/; classtype:trojan-activity;sid:83921394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058293/; classtype:trojan-activity;sid:83921393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058292/; classtype:trojan-activity;sid:83921392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.109.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058291/; classtype:trojan-activity;sid:83921391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.55.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058290/; classtype:trojan-activity;sid:83921390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.56.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058289/; classtype:trojan-activity;sid:83921389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.118.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058287/; classtype:trojan-activity;sid:83921387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058288/; classtype:trojan-activity;sid:83921388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058278)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058278/; classtype:trojan-activity;sid:83921378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058279)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058279/; classtype:trojan-activity;sid:83921379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058280)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058280/; classtype:trojan-activity;sid:83921380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058281)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058281/; classtype:trojan-activity;sid:83921381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058282)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058282/; classtype:trojan-activity;sid:83921382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058283)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058283/; classtype:trojan-activity;sid:83921383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058284)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058284/; classtype:trojan-activity;sid:83921384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058285)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058285/; classtype:trojan-activity;sid:83921385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058286)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058286/; classtype:trojan-activity;sid:83921386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058275)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058275/; classtype:trojan-activity;sid:83921375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058276)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058276/; classtype:trojan-activity;sid:83921376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058277)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058277/; classtype:trojan-activity;sid:83921377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058258/; classtype:trojan-activity;sid:83921358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058259)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058259/; classtype:trojan-activity;sid:83921359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058260)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058260/; classtype:trojan-activity;sid:83921360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058261)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058261/; classtype:trojan-activity;sid:83921361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058262)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058262/; classtype:trojan-activity;sid:83921362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058263)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058263/; classtype:trojan-activity;sid:83921363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058264)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058264/; classtype:trojan-activity;sid:83921364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058265)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058265/; classtype:trojan-activity;sid:83921365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058266)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058266/; classtype:trojan-activity;sid:83921366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058267)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058267/; classtype:trojan-activity;sid:83921367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058268)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058268/; classtype:trojan-activity;sid:83921368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058269)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058269/; classtype:trojan-activity;sid:83921369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058270)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058270/; classtype:trojan-activity;sid:83921370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058271/; classtype:trojan-activity;sid:83921371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058272)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058272/; classtype:trojan-activity;sid:83921372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058273)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058273/; classtype:trojan-activity;sid:83921373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058274)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058274/; classtype:trojan-activity;sid:83921374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.94.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058253/; classtype:trojan-activity;sid:83921353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.199.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058254/; classtype:trojan-activity;sid:83921354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058255)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058255/; classtype:trojan-activity;sid:83921355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058256)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058256/; classtype:trojan-activity;sid:83921356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058257)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ns2.bsafesafety.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058257/; classtype:trojan-activity;sid:83921357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058251/; classtype:trojan-activity;sid:83921351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.175.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058252/; classtype:trojan-activity;sid:83921352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058246)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058246/; classtype:trojan-activity;sid:83921346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058247)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058247/; classtype:trojan-activity;sid:83921347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058248)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058248/; classtype:trojan-activity;sid:83921348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058249)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058249/; classtype:trojan-activity;sid:83921349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058250)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058250/; classtype:trojan-activity;sid:83921350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058234)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058234/; classtype:trojan-activity;sid:83921334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058235)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058235/; classtype:trojan-activity;sid:83921335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058236)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058236/; classtype:trojan-activity;sid:83921336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058237)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058237/; classtype:trojan-activity;sid:83921337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058238)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058238/; classtype:trojan-activity;sid:83921338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058239)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058239/; classtype:trojan-activity;sid:83921339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058240)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058240/; classtype:trojan-activity;sid:83921340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058241)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058241/; classtype:trojan-activity;sid:83921341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058242/; classtype:trojan-activity;sid:83921342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058243)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058243/; classtype:trojan-activity;sid:83921343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058244)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058244/; classtype:trojan-activity;sid:83921344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058245)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058245/; classtype:trojan-activity;sid:83921345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058226)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058226/; classtype:trojan-activity;sid:83921326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058227)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058227/; classtype:trojan-activity;sid:83921327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058228/; classtype:trojan-activity;sid:83921328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058229)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058229/; classtype:trojan-activity;sid:83921329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058230)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058230/; classtype:trojan-activity;sid:83921330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058231)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058231/; classtype:trojan-activity;sid:83921331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058232)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058232/; classtype:trojan-activity;sid:83921332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058233)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058233/; classtype:trojan-activity;sid:83921333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058218)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058218/; classtype:trojan-activity;sid:83921318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058219)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058219/; classtype:trojan-activity;sid:83921319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058220)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058220/; classtype:trojan-activity;sid:83921320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058221)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058221/; classtype:trojan-activity;sid:83921321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.229.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058222/; classtype:trojan-activity;sid:83921322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058223)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058223/; classtype:trojan-activity;sid:83921323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058224)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058224/; classtype:trojan-activity;sid:83921324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058225)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.167.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058225/; classtype:trojan-activity;sid:83921325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.9.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058215/; classtype:trojan-activity;sid:83921315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058214)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678937573|3f|hash=hcwddqfsmcp7hz0yzz6zgmga06wxsacdvogggsjnhwd|7c|26|7c|dl=ydoxqwejic9vsoh3t3ddgzz5jrwjjfuzo5q3arblguw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058214/; classtype:trojan-activity;sid:83921314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058213/; classtype:trojan-activity;sid:83921313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.225.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058212/; classtype:trojan-activity;sid:83921312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.89.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058211/; classtype:trojan-activity;sid:83921311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.184.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058207/; classtype:trojan-activity;sid:83921307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058208/; classtype:trojan-activity;sid:83921308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"73.171.230.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058209/; classtype:trojan-activity;sid:83921309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.45.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058210/; classtype:trojan-activity;sid:83921310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.139.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058206/; classtype:trojan-activity;sid:83921306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058205)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058205/; classtype:trojan-activity;sid:83921305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc/drpbrpa"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.216.68.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058203/; classtype:trojan-activity;sid:83921303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips/drpbrma"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.216.68.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058204/; classtype:trojan-activity;sid:83921304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058195/; classtype:trojan-activity;sid:83921295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058196)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058196/; classtype:trojan-activity;sid:83921296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058197)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058197/; classtype:trojan-activity;sid:83921297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058198)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.i486"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058198/; classtype:trojan-activity;sid:83921298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058199/; classtype:trojan-activity;sid:83921299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058200/; classtype:trojan-activity;sid:83921300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058201)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058201/; classtype:trojan-activity;sid:83921301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i486"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058202/; classtype:trojan-activity;sid:83921302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058194/; classtype:trojan-activity;sid:83921294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058187/; classtype:trojan-activity;sid:83921287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058188)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv6l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058188/; classtype:trojan-activity;sid:83921288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv6l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058189/; classtype:trojan-activity;sid:83921289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv7l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058190/; classtype:trojan-activity;sid:83921290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058191)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv7l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058191/; classtype:trojan-activity;sid:83921291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv5l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058192/; classtype:trojan-activity;sid:83921292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058193)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv4l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058193/; classtype:trojan-activity;sid:83921293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058186)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv5l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058186/; classtype:trojan-activity;sid:83921286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058173/; classtype:trojan-activity;sid:83921273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058174)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058174/; classtype:trojan-activity;sid:83921274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058175)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058175/; classtype:trojan-activity;sid:83921275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058176)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.aarch64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058176/; classtype:trojan-activity;sid:83921276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058177/; classtype:trojan-activity;sid:83921277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058178)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058178/; classtype:trojan-activity;sid:83921278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058179)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058179/; classtype:trojan-activity;sid:83921279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058180/; classtype:trojan-activity;sid:83921280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058181)"; flow:established,from_client; content:"GET"; http_method; content:"/loadbot.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058181/; classtype:trojan-activity;sid:83921281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058182/; classtype:trojan-activity;sid:83921282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sparc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058183/; classtype:trojan-activity;sid:83921283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058184)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058184/; classtype:trojan-activity;sid:83921284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.aarch64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058185/; classtype:trojan-activity;sid:83921285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058171)"; flow:established,from_client; content:"GET"; http_method; content:"/dzen/hohol.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.77.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058171/; classtype:trojan-activity;sid:83921271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.50.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058172/; classtype:trojan-activity;sid:83921272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058169)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058169/; classtype:trojan-activity;sid:83921269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058170)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058170/; classtype:trojan-activity;sid:83921270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058168/; classtype:trojan-activity;sid:83921268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058167/; classtype:trojan-activity;sid:83921267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058165/; classtype:trojan-activity;sid:83921265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058166/; classtype:trojan-activity;sid:83921266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.255.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058164/; classtype:trojan-activity;sid:83921264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.153.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058163/; classtype:trojan-activity;sid:83921263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058162/; classtype:trojan-activity;sid:83921262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.109.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058161/; classtype:trojan-activity;sid:83921261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058159/; classtype:trojan-activity;sid:83921259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058160/; classtype:trojan-activity;sid:83921260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.66.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058158/; classtype:trojan-activity;sid:83921258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058156/; classtype:trojan-activity;sid:83921256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058157/; classtype:trojan-activity;sid:83921257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.199.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058155/; classtype:trojan-activity;sid:83921255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.119.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058154/; classtype:trojan-activity;sid:83921254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.50.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058153/; classtype:trojan-activity;sid:83921253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.190.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058152/; classtype:trojan-activity;sid:83921252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.139.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058151/; classtype:trojan-activity;sid:83921251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.225.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058150/; classtype:trojan-activity;sid:83921250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.171.230.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058149/; classtype:trojan-activity;sid:83921249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.198.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058148/; classtype:trojan-activity;sid:83921248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058147/; classtype:trojan-activity;sid:83921247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058146/; classtype:trojan-activity;sid:83921246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv7l/drpbraa"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.216.68.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058145/; classtype:trojan-activity;sid:83921245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058144/; classtype:trojan-activity;sid:83921244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.58.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058143/; classtype:trojan-activity;sid:83921243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.119.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058142/; classtype:trojan-activity;sid:83921242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058141/; classtype:trojan-activity;sid:83921241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.16.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058140/; classtype:trojan-activity;sid:83921240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058111)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058111/; classtype:trojan-activity;sid:83921211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058112)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058112/; classtype:trojan-activity;sid:83921212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058113)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058113/; classtype:trojan-activity;sid:83921213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058114)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058114/; classtype:trojan-activity;sid:83921214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058115)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058115/; classtype:trojan-activity;sid:83921215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058116)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058116/; classtype:trojan-activity;sid:83921216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058117)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058117/; classtype:trojan-activity;sid:83921217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058118)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058118/; classtype:trojan-activity;sid:83921218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058119)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058119/; classtype:trojan-activity;sid:83921219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058120)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058120/; classtype:trojan-activity;sid:83921220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058121)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058121/; classtype:trojan-activity;sid:83921221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058122)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058122/; classtype:trojan-activity;sid:83921222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058123)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058123/; classtype:trojan-activity;sid:83921223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058124)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058124/; classtype:trojan-activity;sid:83921224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058125)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058125/; classtype:trojan-activity;sid:83921225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058126)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058126/; classtype:trojan-activity;sid:83921226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058127)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058127/; classtype:trojan-activity;sid:83921227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058128)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058128/; classtype:trojan-activity;sid:83921228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058129)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058129/; classtype:trojan-activity;sid:83921229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058130)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058130/; classtype:trojan-activity;sid:83921230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058131)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058131/; classtype:trojan-activity;sid:83921231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058132)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058132/; classtype:trojan-activity;sid:83921232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058133)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058133/; classtype:trojan-activity;sid:83921233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058134)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058134/; classtype:trojan-activity;sid:83921234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058135)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058135/; classtype:trojan-activity;sid:83921235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058136)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058136/; classtype:trojan-activity;sid:83921236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058137)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058137/; classtype:trojan-activity;sid:83921237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058138)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058138/; classtype:trojan-activity;sid:83921238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058139)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058139/; classtype:trojan-activity;sid:83921239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058109)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058109/; classtype:trojan-activity;sid:83921209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058110)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058110/; classtype:trojan-activity;sid:83921210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058074)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058074/; classtype:trojan-activity;sid:83921174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058075)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058075/; classtype:trojan-activity;sid:83921175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058076)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058076/; classtype:trojan-activity;sid:83921176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058077)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058077/; classtype:trojan-activity;sid:83921177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058078)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058078/; classtype:trojan-activity;sid:83921178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058079)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058079/; classtype:trojan-activity;sid:83921179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058080)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058080/; classtype:trojan-activity;sid:83921180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058081)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058081/; classtype:trojan-activity;sid:83921181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058082)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058082/; classtype:trojan-activity;sid:83921182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058083)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058083/; classtype:trojan-activity;sid:83921183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058084)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058084/; classtype:trojan-activity;sid:83921184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058085)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058085/; classtype:trojan-activity;sid:83921185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058086)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058086/; classtype:trojan-activity;sid:83921186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058087)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058087/; classtype:trojan-activity;sid:83921187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058088)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058088/; classtype:trojan-activity;sid:83921188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058089)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058089/; classtype:trojan-activity;sid:83921189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058090)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058090/; classtype:trojan-activity;sid:83921190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058091)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058091/; classtype:trojan-activity;sid:83921191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058092)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058092/; classtype:trojan-activity;sid:83921192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058093)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058093/; classtype:trojan-activity;sid:83921193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058094)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058094/; classtype:trojan-activity;sid:83921194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058095)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058095/; classtype:trojan-activity;sid:83921195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058096)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058096/; classtype:trojan-activity;sid:83921196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058097)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058097/; classtype:trojan-activity;sid:83921197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058098)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058098/; classtype:trojan-activity;sid:83921198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058099)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058099/; classtype:trojan-activity;sid:83921199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058100)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058100/; classtype:trojan-activity;sid:83921200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058101)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058101/; classtype:trojan-activity;sid:83921201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058102)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058102/; classtype:trojan-activity;sid:83921202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058103)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058103/; classtype:trojan-activity;sid:83921203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058104)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058104/; classtype:trojan-activity;sid:83921204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058105)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058105/; classtype:trojan-activity;sid:83921205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058106)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058106/; classtype:trojan-activity;sid:83921206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058107)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058107/; classtype:trojan-activity;sid:83921207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058108)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058108/; classtype:trojan-activity;sid:83921208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058068)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058068/; classtype:trojan-activity;sid:83921168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058069)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058069/; classtype:trojan-activity;sid:83921169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058070)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058070/; classtype:trojan-activity;sid:83921170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058071)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058071/; classtype:trojan-activity;sid:83921171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058072)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058072/; classtype:trojan-activity;sid:83921172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058073)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058073/; classtype:trojan-activity;sid:83921173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058067)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058067/; classtype:trojan-activity;sid:83921167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058028)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058028/; classtype:trojan-activity;sid:83921128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058029)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058029/; classtype:trojan-activity;sid:83921129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058030)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058030/; classtype:trojan-activity;sid:83921130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058031)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058031/; classtype:trojan-activity;sid:83921131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058032)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058032/; classtype:trojan-activity;sid:83921132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058033)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058033/; classtype:trojan-activity;sid:83921133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058034)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058034/; classtype:trojan-activity;sid:83921134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058035)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058035/; classtype:trojan-activity;sid:83921135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058036)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058036/; classtype:trojan-activity;sid:83921136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058037)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058037/; classtype:trojan-activity;sid:83921137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058038)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058038/; classtype:trojan-activity;sid:83921138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058039)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058039/; classtype:trojan-activity;sid:83921139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058040)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058040/; classtype:trojan-activity;sid:83921140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058041)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058041/; classtype:trojan-activity;sid:83921141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058042)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058042/; classtype:trojan-activity;sid:83921142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058043)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058043/; classtype:trojan-activity;sid:83921143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058044)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058044/; classtype:trojan-activity;sid:83921144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058045)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058045/; classtype:trojan-activity;sid:83921145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058046)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058046/; classtype:trojan-activity;sid:83921146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058047)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058047/; classtype:trojan-activity;sid:83921147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058048)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058048/; classtype:trojan-activity;sid:83921148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058049)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058049/; classtype:trojan-activity;sid:83921149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058050)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058050/; classtype:trojan-activity;sid:83921150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058051)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058051/; classtype:trojan-activity;sid:83921151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058052)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058052/; classtype:trojan-activity;sid:83921152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058053)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058053/; classtype:trojan-activity;sid:83921153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058054)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058054/; classtype:trojan-activity;sid:83921154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058055)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058055/; classtype:trojan-activity;sid:83921155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058056)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058056/; classtype:trojan-activity;sid:83921156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058057)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058057/; classtype:trojan-activity;sid:83921157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058058)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058058/; classtype:trojan-activity;sid:83921158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058059)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058059/; classtype:trojan-activity;sid:83921159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058060)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058060/; classtype:trojan-activity;sid:83921160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058061)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058061/; classtype:trojan-activity;sid:83921161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058062)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058062/; classtype:trojan-activity;sid:83921162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058063)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058063/; classtype:trojan-activity;sid:83921163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058064)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058064/; classtype:trojan-activity;sid:83921164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058065)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058065/; classtype:trojan-activity;sid:83921165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058066)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058066/; classtype:trojan-activity;sid:83921166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058027)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058027/; classtype:trojan-activity;sid:83921127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057988)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057988/; classtype:trojan-activity;sid:83921088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057989)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057989/; classtype:trojan-activity;sid:83921089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057990)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057990/; classtype:trojan-activity;sid:83921090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057991)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057991/; classtype:trojan-activity;sid:83921091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057992)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057992/; classtype:trojan-activity;sid:83921092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057993)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057993/; classtype:trojan-activity;sid:83921093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057994)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057994/; classtype:trojan-activity;sid:83921094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057995)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057995/; classtype:trojan-activity;sid:83921095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057996)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057996/; classtype:trojan-activity;sid:83921096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057997)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057997/; classtype:trojan-activity;sid:83921097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057998)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057998/; classtype:trojan-activity;sid:83921098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057999)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057999/; classtype:trojan-activity;sid:83921099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058000)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058000/; classtype:trojan-activity;sid:83921100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058001)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058001/; classtype:trojan-activity;sid:83921101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058002)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058002/; classtype:trojan-activity;sid:83921102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058003)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058003/; classtype:trojan-activity;sid:83921103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058004)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058004/; classtype:trojan-activity;sid:83921104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058005)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058005/; classtype:trojan-activity;sid:83921105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058006)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058006/; classtype:trojan-activity;sid:83921106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058007)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058007/; classtype:trojan-activity;sid:83921107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058008)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058008/; classtype:trojan-activity;sid:83921108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058009)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058009/; classtype:trojan-activity;sid:83921109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058010)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058010/; classtype:trojan-activity;sid:83921110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058011)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058011/; classtype:trojan-activity;sid:83921111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058012)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058012/; classtype:trojan-activity;sid:83921112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058013)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058013/; classtype:trojan-activity;sid:83921113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058014)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058014/; classtype:trojan-activity;sid:83921114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058015)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058015/; classtype:trojan-activity;sid:83921115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058016)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058016/; classtype:trojan-activity;sid:83921116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058017)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058017/; classtype:trojan-activity;sid:83921117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058018)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058018/; classtype:trojan-activity;sid:83921118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058019)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058019/; classtype:trojan-activity;sid:83921119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058020)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058020/; classtype:trojan-activity;sid:83921120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058021)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058021/; classtype:trojan-activity;sid:83921121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058022)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058022/; classtype:trojan-activity;sid:83921122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058023)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058023/; classtype:trojan-activity;sid:83921123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058024)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058024/; classtype:trojan-activity;sid:83921124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058025)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058025/; classtype:trojan-activity;sid:83921125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058026)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058026/; classtype:trojan-activity;sid:83921126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057987)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057987/; classtype:trojan-activity;sid:83921087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057983)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057983/; classtype:trojan-activity;sid:83921083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057984)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057984/; classtype:trojan-activity;sid:83921084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057985)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057985/; classtype:trojan-activity;sid:83921085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057986)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057986/; classtype:trojan-activity;sid:83921086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057948)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057948/; classtype:trojan-activity;sid:83921048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057949)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057949/; classtype:trojan-activity;sid:83921049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057950)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057950/; classtype:trojan-activity;sid:83921050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057951)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057951/; classtype:trojan-activity;sid:83921051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057952)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057952/; classtype:trojan-activity;sid:83921052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057953)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057953/; classtype:trojan-activity;sid:83921053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057954)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057954/; classtype:trojan-activity;sid:83921054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057955)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057955/; classtype:trojan-activity;sid:83921055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057956)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057956/; classtype:trojan-activity;sid:83921056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057957)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057957/; classtype:trojan-activity;sid:83921057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057958)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057958/; classtype:trojan-activity;sid:83921058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057959)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057959/; classtype:trojan-activity;sid:83921059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057960)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057960/; classtype:trojan-activity;sid:83921060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057961)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057961/; classtype:trojan-activity;sid:83921061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057962)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057962/; classtype:trojan-activity;sid:83921062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057963)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057963/; classtype:trojan-activity;sid:83921063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057964)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057964/; classtype:trojan-activity;sid:83921064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057965)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057965/; classtype:trojan-activity;sid:83921065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057966)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057966/; classtype:trojan-activity;sid:83921066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057967)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057967/; classtype:trojan-activity;sid:83921067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057968)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057968/; classtype:trojan-activity;sid:83921068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057969)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057969/; classtype:trojan-activity;sid:83921069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057970)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057970/; classtype:trojan-activity;sid:83921070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057971)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057971/; classtype:trojan-activity;sid:83921071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057972)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057972/; classtype:trojan-activity;sid:83921072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057973)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057973/; classtype:trojan-activity;sid:83921073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057974)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057974/; classtype:trojan-activity;sid:83921074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057975)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057975/; classtype:trojan-activity;sid:83921075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057976)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057976/; classtype:trojan-activity;sid:83921076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057977)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057977/; classtype:trojan-activity;sid:83921077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057978)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057978/; classtype:trojan-activity;sid:83921078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057979)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057979/; classtype:trojan-activity;sid:83921079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057980)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057980/; classtype:trojan-activity;sid:83921080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057981)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057981/; classtype:trojan-activity;sid:83921081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057982)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057982/; classtype:trojan-activity;sid:83921082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057941)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057941/; classtype:trojan-activity;sid:83921041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057942)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057942/; classtype:trojan-activity;sid:83921042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057943)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057943/; classtype:trojan-activity;sid:83921043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057944)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057944/; classtype:trojan-activity;sid:83921044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057945)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057945/; classtype:trojan-activity;sid:83921045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057946)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057946/; classtype:trojan-activity;sid:83921046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057947)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057947/; classtype:trojan-activity;sid:83921047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057920)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057920/; classtype:trojan-activity;sid:83921020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057921)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057921/; classtype:trojan-activity;sid:83921021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057922)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057922/; classtype:trojan-activity;sid:83921022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057923)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057923/; classtype:trojan-activity;sid:83921023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057924)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057924/; classtype:trojan-activity;sid:83921024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057925)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057925/; classtype:trojan-activity;sid:83921025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057926)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057926/; classtype:trojan-activity;sid:83921026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057927)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057927/; classtype:trojan-activity;sid:83921027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057928)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057928/; classtype:trojan-activity;sid:83921028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057929)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057929/; classtype:trojan-activity;sid:83921029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057930)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057930/; classtype:trojan-activity;sid:83921030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057931)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057931/; classtype:trojan-activity;sid:83921031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057932)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057932/; classtype:trojan-activity;sid:83921032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057933)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057933/; classtype:trojan-activity;sid:83921033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057934)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057934/; classtype:trojan-activity;sid:83921034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057935)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057935/; classtype:trojan-activity;sid:83921035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057936)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057936/; classtype:trojan-activity;sid:83921036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057937)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057937/; classtype:trojan-activity;sid:83921037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057938)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057938/; classtype:trojan-activity;sid:83921038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057939)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057939/; classtype:trojan-activity;sid:83921039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057940)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057940/; classtype:trojan-activity;sid:83921040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057900)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057900/; classtype:trojan-activity;sid:83921000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057901)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057901/; classtype:trojan-activity;sid:83921001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057902)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057902/; classtype:trojan-activity;sid:83921002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057903)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057903/; classtype:trojan-activity;sid:83921003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057904)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057904/; classtype:trojan-activity;sid:83921004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057905)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057905/; classtype:trojan-activity;sid:83921005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057906)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057906/; classtype:trojan-activity;sid:83921006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057907)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057907/; classtype:trojan-activity;sid:83921007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057908)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057908/; classtype:trojan-activity;sid:83921008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057909)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057909/; classtype:trojan-activity;sid:83921009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057910)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057910/; classtype:trojan-activity;sid:83921010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057911)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057911/; classtype:trojan-activity;sid:83921011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057912)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057912/; classtype:trojan-activity;sid:83921012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057913)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057913/; classtype:trojan-activity;sid:83921013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057914)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057914/; classtype:trojan-activity;sid:83921014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057915)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057915/; classtype:trojan-activity;sid:83921015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057916)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057916/; classtype:trojan-activity;sid:83921016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057917)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057917/; classtype:trojan-activity;sid:83921017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057918)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057918/; classtype:trojan-activity;sid:83921018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057919)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057919/; classtype:trojan-activity;sid:83921019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057898)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057898/; classtype:trojan-activity;sid:83920998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057899)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057899/; classtype:trojan-activity;sid:83920999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057859)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057859/; classtype:trojan-activity;sid:83920959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057860)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057860/; classtype:trojan-activity;sid:83920960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057861)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057861/; classtype:trojan-activity;sid:83920961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057862)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057862/; classtype:trojan-activity;sid:83920962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057863)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057863/; classtype:trojan-activity;sid:83920963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057864)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057864/; classtype:trojan-activity;sid:83920964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057865)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057865/; classtype:trojan-activity;sid:83920965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057866)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057866/; classtype:trojan-activity;sid:83920966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057867)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057867/; classtype:trojan-activity;sid:83920967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057868)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057868/; classtype:trojan-activity;sid:83920968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057869)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057869/; classtype:trojan-activity;sid:83920969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057870)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057870/; classtype:trojan-activity;sid:83920970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057871)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057871/; classtype:trojan-activity;sid:83920971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057872)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057872/; classtype:trojan-activity;sid:83920972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057873)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057873/; classtype:trojan-activity;sid:83920973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057874)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057874/; classtype:trojan-activity;sid:83920974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057875)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057875/; classtype:trojan-activity;sid:83920975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057876)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057876/; classtype:trojan-activity;sid:83920976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057877)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057877/; classtype:trojan-activity;sid:83920977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057878)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057878/; classtype:trojan-activity;sid:83920978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057879)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057879/; classtype:trojan-activity;sid:83920979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057880)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057880/; classtype:trojan-activity;sid:83920980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057881)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057881/; classtype:trojan-activity;sid:83920981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057882)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057882/; classtype:trojan-activity;sid:83920982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057883)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057883/; classtype:trojan-activity;sid:83920983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057884)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057884/; classtype:trojan-activity;sid:83920984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057885)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057885/; classtype:trojan-activity;sid:83920985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057886)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057886/; classtype:trojan-activity;sid:83920986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057887)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057887/; classtype:trojan-activity;sid:83920987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057888)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057888/; classtype:trojan-activity;sid:83920988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057889)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057889/; classtype:trojan-activity;sid:83920989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057890)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057890/; classtype:trojan-activity;sid:83920990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057891)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057891/; classtype:trojan-activity;sid:83920991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057892)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057892/; classtype:trojan-activity;sid:83920992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057893)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057893/; classtype:trojan-activity;sid:83920993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057894)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057894/; classtype:trojan-activity;sid:83920994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057895)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057895/; classtype:trojan-activity;sid:83920995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057896)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057896/; classtype:trojan-activity;sid:83920996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057897)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057897/; classtype:trojan-activity;sid:83920997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057857)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057857/; classtype:trojan-activity;sid:83920957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057858)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057858/; classtype:trojan-activity;sid:83920958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057840)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057840/; classtype:trojan-activity;sid:83920940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057841)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057841/; classtype:trojan-activity;sid:83920941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057842)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057842/; classtype:trojan-activity;sid:83920942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057843)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057843/; classtype:trojan-activity;sid:83920943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057844)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057844/; classtype:trojan-activity;sid:83920944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057845)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057845/; classtype:trojan-activity;sid:83920945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057846)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057846/; classtype:trojan-activity;sid:83920946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057847)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057847/; classtype:trojan-activity;sid:83920947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057848)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057848/; classtype:trojan-activity;sid:83920948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057849)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057849/; classtype:trojan-activity;sid:83920949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057850)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057850/; classtype:trojan-activity;sid:83920950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057851)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057851/; classtype:trojan-activity;sid:83920951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057852)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057852/; classtype:trojan-activity;sid:83920952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057853)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057853/; classtype:trojan-activity;sid:83920953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057854)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057854/; classtype:trojan-activity;sid:83920954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057855)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057855/; classtype:trojan-activity;sid:83920955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057856)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057856/; classtype:trojan-activity;sid:83920956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057818)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057818/; classtype:trojan-activity;sid:83920918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057819)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057819/; classtype:trojan-activity;sid:83920919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057820)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057820/; classtype:trojan-activity;sid:83920920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057821)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057821/; classtype:trojan-activity;sid:83920921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057822)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057822/; classtype:trojan-activity;sid:83920922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057823)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057823/; classtype:trojan-activity;sid:83920923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057824)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057824/; classtype:trojan-activity;sid:83920924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057825)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057825/; classtype:trojan-activity;sid:83920925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057826)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057826/; classtype:trojan-activity;sid:83920926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057827)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057827/; classtype:trojan-activity;sid:83920927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057828)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057828/; classtype:trojan-activity;sid:83920928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057829)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057829/; classtype:trojan-activity;sid:83920929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057830)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057830/; classtype:trojan-activity;sid:83920930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057831)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057831/; classtype:trojan-activity;sid:83920931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057832)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057832/; classtype:trojan-activity;sid:83920932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057833)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057833/; classtype:trojan-activity;sid:83920933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057834)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057834/; classtype:trojan-activity;sid:83920934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057835)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057835/; classtype:trojan-activity;sid:83920935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057836)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057836/; classtype:trojan-activity;sid:83920936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057837)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057837/; classtype:trojan-activity;sid:83920937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057838)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057838/; classtype:trojan-activity;sid:83920938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057839)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057839/; classtype:trojan-activity;sid:83920939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057800)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057800/; classtype:trojan-activity;sid:83920900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057801)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057801/; classtype:trojan-activity;sid:83920901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057802)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057802/; classtype:trojan-activity;sid:83920902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057803)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057803/; classtype:trojan-activity;sid:83920903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057804)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057804/; classtype:trojan-activity;sid:83920904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057805)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057805/; classtype:trojan-activity;sid:83920905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057806)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057806/; classtype:trojan-activity;sid:83920906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057807)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057807/; classtype:trojan-activity;sid:83920907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057808)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057808/; classtype:trojan-activity;sid:83920908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057809)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057809/; classtype:trojan-activity;sid:83920909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057810)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057810/; classtype:trojan-activity;sid:83920910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057811)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057811/; classtype:trojan-activity;sid:83920911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057812)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057812/; classtype:trojan-activity;sid:83920912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057813)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057813/; classtype:trojan-activity;sid:83920913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057814)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057814/; classtype:trojan-activity;sid:83920914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057815)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057815/; classtype:trojan-activity;sid:83920915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057816)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057816/; classtype:trojan-activity;sid:83920916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057817)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057817/; classtype:trojan-activity;sid:83920917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057778)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057778/; classtype:trojan-activity;sid:83920878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057779)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057779/; classtype:trojan-activity;sid:83920879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057780)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057780/; classtype:trojan-activity;sid:83920880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057781)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057781/; classtype:trojan-activity;sid:83920881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057782)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057782/; classtype:trojan-activity;sid:83920882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057783)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057783/; classtype:trojan-activity;sid:83920883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057784)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057784/; classtype:trojan-activity;sid:83920884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057785)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057785/; classtype:trojan-activity;sid:83920885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057786)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057786/; classtype:trojan-activity;sid:83920886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057787)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057787/; classtype:trojan-activity;sid:83920887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057788)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057788/; classtype:trojan-activity;sid:83920888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057789)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057789/; classtype:trojan-activity;sid:83920889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057790)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057790/; classtype:trojan-activity;sid:83920890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057791)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057791/; classtype:trojan-activity;sid:83920891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057792)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057792/; classtype:trojan-activity;sid:83920892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057793)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057793/; classtype:trojan-activity;sid:83920893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057794)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057794/; classtype:trojan-activity;sid:83920894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057795)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057795/; classtype:trojan-activity;sid:83920895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057796)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057796/; classtype:trojan-activity;sid:83920896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057797)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057797/; classtype:trojan-activity;sid:83920897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057798)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057798/; classtype:trojan-activity;sid:83920898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057799)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057799/; classtype:trojan-activity;sid:83920899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057760)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057760/; classtype:trojan-activity;sid:83920860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057761)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057761/; classtype:trojan-activity;sid:83920861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057762)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057762/; classtype:trojan-activity;sid:83920862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057763)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057763/; classtype:trojan-activity;sid:83920863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057764)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057764/; classtype:trojan-activity;sid:83920864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057765)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057765/; classtype:trojan-activity;sid:83920865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057766)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057766/; classtype:trojan-activity;sid:83920866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057767)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057767/; classtype:trojan-activity;sid:83920867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057768)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057768/; classtype:trojan-activity;sid:83920868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057769)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057769/; classtype:trojan-activity;sid:83920869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057770)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057770/; classtype:trojan-activity;sid:83920870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057771)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057771/; classtype:trojan-activity;sid:83920871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057772)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057772/; classtype:trojan-activity;sid:83920872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057773)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057773/; classtype:trojan-activity;sid:83920873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057774)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057774/; classtype:trojan-activity;sid:83920874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057775)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057775/; classtype:trojan-activity;sid:83920875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057776)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057776/; classtype:trojan-activity;sid:83920876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057777)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057777/; classtype:trojan-activity;sid:83920877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.221.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057759/; classtype:trojan-activity;sid:83920859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.139.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057758/; classtype:trojan-activity;sid:83920858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057754)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057754/; classtype:trojan-activity;sid:83920854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057755)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057755/; classtype:trojan-activity;sid:83920855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057756)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057756/; classtype:trojan-activity;sid:83920856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057757)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057757/; classtype:trojan-activity;sid:83920857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057753)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057753/; classtype:trojan-activity;sid:83920853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057714)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057714/; classtype:trojan-activity;sid:83920814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057715)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057715/; classtype:trojan-activity;sid:83920815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057716)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057716/; classtype:trojan-activity;sid:83920816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057717)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057717/; classtype:trojan-activity;sid:83920817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057718)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057718/; classtype:trojan-activity;sid:83920818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057719)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057719/; classtype:trojan-activity;sid:83920819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057720)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057720/; classtype:trojan-activity;sid:83920820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057721)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057721/; classtype:trojan-activity;sid:83920821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057722)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057722/; classtype:trojan-activity;sid:83920822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057723)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057723/; classtype:trojan-activity;sid:83920823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057724)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057724/; classtype:trojan-activity;sid:83920824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057725)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057725/; classtype:trojan-activity;sid:83920825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057726)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057726/; classtype:trojan-activity;sid:83920826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057727)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057727/; classtype:trojan-activity;sid:83920827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057728)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057728/; classtype:trojan-activity;sid:83920828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057729)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057729/; classtype:trojan-activity;sid:83920829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057730)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057730/; classtype:trojan-activity;sid:83920830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057731)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057731/; classtype:trojan-activity;sid:83920831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057732)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057732/; classtype:trojan-activity;sid:83920832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057733)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057733/; classtype:trojan-activity;sid:83920833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057734)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057734/; classtype:trojan-activity;sid:83920834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057735)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057735/; classtype:trojan-activity;sid:83920835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057736)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057736/; classtype:trojan-activity;sid:83920836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057737)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057737/; classtype:trojan-activity;sid:83920837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057738)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057738/; classtype:trojan-activity;sid:83920838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057739)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057739/; classtype:trojan-activity;sid:83920839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057740)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057740/; classtype:trojan-activity;sid:83920840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057741)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057741/; classtype:trojan-activity;sid:83920841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057742)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057742/; classtype:trojan-activity;sid:83920842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057743)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057743/; classtype:trojan-activity;sid:83920843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057744)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057744/; classtype:trojan-activity;sid:83920844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057745)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057745/; classtype:trojan-activity;sid:83920845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057746)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057746/; classtype:trojan-activity;sid:83920846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057747)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057747/; classtype:trojan-activity;sid:83920847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057748)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057748/; classtype:trojan-activity;sid:83920848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057749)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057749/; classtype:trojan-activity;sid:83920849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057750)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057750/; classtype:trojan-activity;sid:83920850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057751)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057751/; classtype:trojan-activity;sid:83920851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057752)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057752/; classtype:trojan-activity;sid:83920852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057702)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057702/; classtype:trojan-activity;sid:83920802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057703)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057703/; classtype:trojan-activity;sid:83920803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057704)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057704/; classtype:trojan-activity;sid:83920804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057705)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057705/; classtype:trojan-activity;sid:83920805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057706)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057706/; classtype:trojan-activity;sid:83920806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057707)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057707/; classtype:trojan-activity;sid:83920807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057708)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057708/; classtype:trojan-activity;sid:83920808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057709)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057709/; classtype:trojan-activity;sid:83920809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057710)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057710/; classtype:trojan-activity;sid:83920810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057711)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057711/; classtype:trojan-activity;sid:83920811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057712)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057712/; classtype:trojan-activity;sid:83920812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057713)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057713/; classtype:trojan-activity;sid:83920813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057687)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057687/; classtype:trojan-activity;sid:83920787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057688)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057688/; classtype:trojan-activity;sid:83920788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057689)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057689/; classtype:trojan-activity;sid:83920789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057690)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057690/; classtype:trojan-activity;sid:83920790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057691)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057691/; classtype:trojan-activity;sid:83920791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057692)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057692/; classtype:trojan-activity;sid:83920792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057693)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057693/; classtype:trojan-activity;sid:83920793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057694)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057694/; classtype:trojan-activity;sid:83920794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057695)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057695/; classtype:trojan-activity;sid:83920795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057696)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057696/; classtype:trojan-activity;sid:83920796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057697)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057697/; classtype:trojan-activity;sid:83920797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057698)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057698/; classtype:trojan-activity;sid:83920798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057699)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057699/; classtype:trojan-activity;sid:83920799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057700)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057700/; classtype:trojan-activity;sid:83920800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057701)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057701/; classtype:trojan-activity;sid:83920801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057665)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057665/; classtype:trojan-activity;sid:83920765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057666)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057666/; classtype:trojan-activity;sid:83920766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057667)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057667/; classtype:trojan-activity;sid:83920767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057668)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057668/; classtype:trojan-activity;sid:83920768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057669)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057669/; classtype:trojan-activity;sid:83920769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057670)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057670/; classtype:trojan-activity;sid:83920770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057671)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057671/; classtype:trojan-activity;sid:83920771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057672)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057672/; classtype:trojan-activity;sid:83920772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057673)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057673/; classtype:trojan-activity;sid:83920773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057674)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057674/; classtype:trojan-activity;sid:83920774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057675)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057675/; classtype:trojan-activity;sid:83920775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057676)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057676/; classtype:trojan-activity;sid:83920776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057677)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057677/; classtype:trojan-activity;sid:83920777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057678)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057678/; classtype:trojan-activity;sid:83920778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057679)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057679/; classtype:trojan-activity;sid:83920779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057680)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057680/; classtype:trojan-activity;sid:83920780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057681)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057681/; classtype:trojan-activity;sid:83920781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057682)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057682/; classtype:trojan-activity;sid:83920782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057683)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057683/; classtype:trojan-activity;sid:83920783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057684)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057684/; classtype:trojan-activity;sid:83920784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057685)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057685/; classtype:trojan-activity;sid:83920785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057686)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057686/; classtype:trojan-activity;sid:83920786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057647)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057647/; classtype:trojan-activity;sid:83920747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057648)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057648/; classtype:trojan-activity;sid:83920748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057649)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057649/; classtype:trojan-activity;sid:83920749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057650)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057650/; classtype:trojan-activity;sid:83920750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057651)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057651/; classtype:trojan-activity;sid:83920751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057652)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057652/; classtype:trojan-activity;sid:83920752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057653)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057653/; classtype:trojan-activity;sid:83920753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057654)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057654/; classtype:trojan-activity;sid:83920754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057655)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057655/; classtype:trojan-activity;sid:83920755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057656)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057656/; classtype:trojan-activity;sid:83920756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057657)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057657/; classtype:trojan-activity;sid:83920757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057658)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057658/; classtype:trojan-activity;sid:83920758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057659)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057659/; classtype:trojan-activity;sid:83920759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057660)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057660/; classtype:trojan-activity;sid:83920760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057661)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057661/; classtype:trojan-activity;sid:83920761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057662)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057662/; classtype:trojan-activity;sid:83920762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057663)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057663/; classtype:trojan-activity;sid:83920763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057664)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057664/; classtype:trojan-activity;sid:83920764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057628)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057628/; classtype:trojan-activity;sid:83920728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057629)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057629/; classtype:trojan-activity;sid:83920729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057630)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057630/; classtype:trojan-activity;sid:83920730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057631)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057631/; classtype:trojan-activity;sid:83920731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057632)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057632/; classtype:trojan-activity;sid:83920732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057633)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057633/; classtype:trojan-activity;sid:83920733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057634)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057634/; classtype:trojan-activity;sid:83920734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057635)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057635/; classtype:trojan-activity;sid:83920735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057636)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057636/; classtype:trojan-activity;sid:83920736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057637)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057637/; classtype:trojan-activity;sid:83920737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057638)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057638/; classtype:trojan-activity;sid:83920738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057639)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057639/; classtype:trojan-activity;sid:83920739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057640)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057640/; classtype:trojan-activity;sid:83920740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057641)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057641/; classtype:trojan-activity;sid:83920741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057642)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057642/; classtype:trojan-activity;sid:83920742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057643)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057643/; classtype:trojan-activity;sid:83920743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057644)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057644/; classtype:trojan-activity;sid:83920744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057645)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057645/; classtype:trojan-activity;sid:83920745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057646)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057646/; classtype:trojan-activity;sid:83920746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057608)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057608/; classtype:trojan-activity;sid:83920708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057609)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057609/; classtype:trojan-activity;sid:83920709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057610)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057610/; classtype:trojan-activity;sid:83920710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057611)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057611/; classtype:trojan-activity;sid:83920711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057612)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057612/; classtype:trojan-activity;sid:83920712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057613)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057613/; classtype:trojan-activity;sid:83920713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057614)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057614/; classtype:trojan-activity;sid:83920714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057615)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057615/; classtype:trojan-activity;sid:83920715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057616)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057616/; classtype:trojan-activity;sid:83920716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057617)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057617/; classtype:trojan-activity;sid:83920717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057618)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057618/; classtype:trojan-activity;sid:83920718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057619)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057619/; classtype:trojan-activity;sid:83920719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057620)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057620/; classtype:trojan-activity;sid:83920720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057621)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057621/; classtype:trojan-activity;sid:83920721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057622)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057622/; classtype:trojan-activity;sid:83920722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057623)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057623/; classtype:trojan-activity;sid:83920723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057624)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057624/; classtype:trojan-activity;sid:83920724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057625)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057625/; classtype:trojan-activity;sid:83920725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057626)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057626/; classtype:trojan-activity;sid:83920726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057627)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057627/; classtype:trojan-activity;sid:83920727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057588)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057588/; classtype:trojan-activity;sid:83920688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057589)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057589/; classtype:trojan-activity;sid:83920689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057590)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057590/; classtype:trojan-activity;sid:83920690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057591)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057591/; classtype:trojan-activity;sid:83920691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057592)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057592/; classtype:trojan-activity;sid:83920692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057593)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057593/; classtype:trojan-activity;sid:83920693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057594)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057594/; classtype:trojan-activity;sid:83920694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057595)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057595/; classtype:trojan-activity;sid:83920695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057596)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057596/; classtype:trojan-activity;sid:83920696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057597)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057597/; classtype:trojan-activity;sid:83920697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057598)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057598/; classtype:trojan-activity;sid:83920698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057599)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057599/; classtype:trojan-activity;sid:83920699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057600)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057600/; classtype:trojan-activity;sid:83920700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057601)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057601/; classtype:trojan-activity;sid:83920701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057602)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057602/; classtype:trojan-activity;sid:83920702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057603)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057603/; classtype:trojan-activity;sid:83920703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057604)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057604/; classtype:trojan-activity;sid:83920704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057605)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057605/; classtype:trojan-activity;sid:83920705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057606)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057606/; classtype:trojan-activity;sid:83920706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057607)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057607/; classtype:trojan-activity;sid:83920707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057567)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057567/; classtype:trojan-activity;sid:83920667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057568)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057568/; classtype:trojan-activity;sid:83920668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057569)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057569/; classtype:trojan-activity;sid:83920669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057570)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057570/; classtype:trojan-activity;sid:83920670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057571)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057571/; classtype:trojan-activity;sid:83920671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057572)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057572/; classtype:trojan-activity;sid:83920672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057573)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057573/; classtype:trojan-activity;sid:83920673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057574)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057574/; classtype:trojan-activity;sid:83920674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057575)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057575/; classtype:trojan-activity;sid:83920675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057576)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057576/; classtype:trojan-activity;sid:83920676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057577)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057577/; classtype:trojan-activity;sid:83920677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057578)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057578/; classtype:trojan-activity;sid:83920678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057579)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057579/; classtype:trojan-activity;sid:83920679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057580)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057580/; classtype:trojan-activity;sid:83920680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057581)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057581/; classtype:trojan-activity;sid:83920681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057582)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057582/; classtype:trojan-activity;sid:83920682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057583)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057583/; classtype:trojan-activity;sid:83920683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057584)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057584/; classtype:trojan-activity;sid:83920684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057585)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057585/; classtype:trojan-activity;sid:83920685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057586)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057586/; classtype:trojan-activity;sid:83920686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057587)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057587/; classtype:trojan-activity;sid:83920687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057549)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057549/; classtype:trojan-activity;sid:83920649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057550)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057550/; classtype:trojan-activity;sid:83920650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057551)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057551/; classtype:trojan-activity;sid:83920651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057552)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057552/; classtype:trojan-activity;sid:83920652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057553)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057553/; classtype:trojan-activity;sid:83920653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057554)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057554/; classtype:trojan-activity;sid:83920654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057555)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057555/; classtype:trojan-activity;sid:83920655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057556)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057556/; classtype:trojan-activity;sid:83920656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057557)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057557/; classtype:trojan-activity;sid:83920657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057558)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057558/; classtype:trojan-activity;sid:83920658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057559)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057559/; classtype:trojan-activity;sid:83920659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057560)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057560/; classtype:trojan-activity;sid:83920660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057561)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057561/; classtype:trojan-activity;sid:83920661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057562)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057562/; classtype:trojan-activity;sid:83920662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057563)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057563/; classtype:trojan-activity;sid:83920663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057564)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057564/; classtype:trojan-activity;sid:83920664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057565)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057565/; classtype:trojan-activity;sid:83920665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057566)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057566/; classtype:trojan-activity;sid:83920666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057528)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057528/; classtype:trojan-activity;sid:83920628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057529)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057529/; classtype:trojan-activity;sid:83920629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057530)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057530/; classtype:trojan-activity;sid:83920630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057531)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057531/; classtype:trojan-activity;sid:83920631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057532)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057532/; classtype:trojan-activity;sid:83920632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057533)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057533/; classtype:trojan-activity;sid:83920633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057534)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057534/; classtype:trojan-activity;sid:83920634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057535)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057535/; classtype:trojan-activity;sid:83920635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057536)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057536/; classtype:trojan-activity;sid:83920636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057537)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057537/; classtype:trojan-activity;sid:83920637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057538)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057538/; classtype:trojan-activity;sid:83920638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057539)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057539/; classtype:trojan-activity;sid:83920639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057540)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057540/; classtype:trojan-activity;sid:83920640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057541)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057541/; classtype:trojan-activity;sid:83920641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057542)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057542/; classtype:trojan-activity;sid:83920642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057543)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057543/; classtype:trojan-activity;sid:83920643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057544)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057544/; classtype:trojan-activity;sid:83920644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057545)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057545/; classtype:trojan-activity;sid:83920645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057546)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057546/; classtype:trojan-activity;sid:83920646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057547)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057547/; classtype:trojan-activity;sid:83920647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057548)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057548/; classtype:trojan-activity;sid:83920648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057518)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057518/; classtype:trojan-activity;sid:83920618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057519)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057519/; classtype:trojan-activity;sid:83920619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057520)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057520/; classtype:trojan-activity;sid:83920620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057521)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057521/; classtype:trojan-activity;sid:83920621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057522)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057522/; classtype:trojan-activity;sid:83920622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057523)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057523/; classtype:trojan-activity;sid:83920623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057524)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057524/; classtype:trojan-activity;sid:83920624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057525)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057525/; classtype:trojan-activity;sid:83920625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057526)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057526/; classtype:trojan-activity;sid:83920626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057527)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057527/; classtype:trojan-activity;sid:83920627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057488)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057488/; classtype:trojan-activity;sid:83920588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057489)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057489/; classtype:trojan-activity;sid:83920589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057490)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057490/; classtype:trojan-activity;sid:83920590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057491)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057491/; classtype:trojan-activity;sid:83920591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057492)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057492/; classtype:trojan-activity;sid:83920592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057493)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057493/; classtype:trojan-activity;sid:83920593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057494)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057494/; classtype:trojan-activity;sid:83920594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057495)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057495/; classtype:trojan-activity;sid:83920595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057496)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057496/; classtype:trojan-activity;sid:83920596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057497)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057497/; classtype:trojan-activity;sid:83920597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057498)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057498/; classtype:trojan-activity;sid:83920598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057499)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057499/; classtype:trojan-activity;sid:83920599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057500)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057500/; classtype:trojan-activity;sid:83920600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057501)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057501/; classtype:trojan-activity;sid:83920601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057502)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057502/; classtype:trojan-activity;sid:83920602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057503)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057503/; classtype:trojan-activity;sid:83920603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057504)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057504/; classtype:trojan-activity;sid:83920604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057505)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057505/; classtype:trojan-activity;sid:83920605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057506)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057506/; classtype:trojan-activity;sid:83920606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057507)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057507/; classtype:trojan-activity;sid:83920607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057508)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057508/; classtype:trojan-activity;sid:83920608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057509)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057509/; classtype:trojan-activity;sid:83920609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057510)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057510/; classtype:trojan-activity;sid:83920610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057511)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057511/; classtype:trojan-activity;sid:83920611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057512)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057512/; classtype:trojan-activity;sid:83920612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057513)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057513/; classtype:trojan-activity;sid:83920613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057514)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057514/; classtype:trojan-activity;sid:83920614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057515)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057515/; classtype:trojan-activity;sid:83920615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057516)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057516/; classtype:trojan-activity;sid:83920616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057517)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057517/; classtype:trojan-activity;sid:83920617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057486)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057486/; classtype:trojan-activity;sid:83920586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057487)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057487/; classtype:trojan-activity;sid:83920587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057470)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057470/; classtype:trojan-activity;sid:83920570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057471)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057471/; classtype:trojan-activity;sid:83920571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057472)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057472/; classtype:trojan-activity;sid:83920572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057473)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057473/; classtype:trojan-activity;sid:83920573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057474)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057474/; classtype:trojan-activity;sid:83920574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057475)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057475/; classtype:trojan-activity;sid:83920575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057476)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057476/; classtype:trojan-activity;sid:83920576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057477)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057477/; classtype:trojan-activity;sid:83920577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057478)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057478/; classtype:trojan-activity;sid:83920578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057479)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057479/; classtype:trojan-activity;sid:83920579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057480)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057480/; classtype:trojan-activity;sid:83920580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057481)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057481/; classtype:trojan-activity;sid:83920581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057482)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057482/; classtype:trojan-activity;sid:83920582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057483)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057483/; classtype:trojan-activity;sid:83920583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057484)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057484/; classtype:trojan-activity;sid:83920584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057485)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057485/; classtype:trojan-activity;sid:83920585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057462)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057462/; classtype:trojan-activity;sid:83920562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057463)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057463/; classtype:trojan-activity;sid:83920563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057464)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057464/; classtype:trojan-activity;sid:83920564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057465)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057465/; classtype:trojan-activity;sid:83920565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057466)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057466/; classtype:trojan-activity;sid:83920566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057467)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057467/; classtype:trojan-activity;sid:83920567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057468)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057468/; classtype:trojan-activity;sid:83920568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057469)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057469/; classtype:trojan-activity;sid:83920569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057448)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057448/; classtype:trojan-activity;sid:83920548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057449)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057449/; classtype:trojan-activity;sid:83920549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057450)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057450/; classtype:trojan-activity;sid:83920550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057451)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057451/; classtype:trojan-activity;sid:83920551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057452)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057452/; classtype:trojan-activity;sid:83920552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057453)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057453/; classtype:trojan-activity;sid:83920553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057454)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057454/; classtype:trojan-activity;sid:83920554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057455)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057455/; classtype:trojan-activity;sid:83920555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057456)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057456/; classtype:trojan-activity;sid:83920556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057457)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057457/; classtype:trojan-activity;sid:83920557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057458)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057458/; classtype:trojan-activity;sid:83920558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057459)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057459/; classtype:trojan-activity;sid:83920559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057460)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057460/; classtype:trojan-activity;sid:83920560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057461)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057461/; classtype:trojan-activity;sid:83920561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057422)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057422/; classtype:trojan-activity;sid:83920522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057423)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057423/; classtype:trojan-activity;sid:83920523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057424)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057424/; classtype:trojan-activity;sid:83920524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057425)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057425/; classtype:trojan-activity;sid:83920525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057426)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057426/; classtype:trojan-activity;sid:83920526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057427)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057427/; classtype:trojan-activity;sid:83920527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057428)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057428/; classtype:trojan-activity;sid:83920528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057429)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057429/; classtype:trojan-activity;sid:83920529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057430)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057430/; classtype:trojan-activity;sid:83920530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057431)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057431/; classtype:trojan-activity;sid:83920531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057432)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057432/; classtype:trojan-activity;sid:83920532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057433)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057433/; classtype:trojan-activity;sid:83920533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057434)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057434/; classtype:trojan-activity;sid:83920534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057435)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057435/; classtype:trojan-activity;sid:83920535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057436)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057436/; classtype:trojan-activity;sid:83920536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057437)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057437/; classtype:trojan-activity;sid:83920537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057438)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057438/; classtype:trojan-activity;sid:83920538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057439)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057439/; classtype:trojan-activity;sid:83920539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057440)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057440/; classtype:trojan-activity;sid:83920540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057441)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057441/; classtype:trojan-activity;sid:83920541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057442)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057442/; classtype:trojan-activity;sid:83920542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057443)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057443/; classtype:trojan-activity;sid:83920543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057444)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057444/; classtype:trojan-activity;sid:83920544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057445)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057445/; classtype:trojan-activity;sid:83920545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057446)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057446/; classtype:trojan-activity;sid:83920546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057447)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057447/; classtype:trojan-activity;sid:83920547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057408)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057408/; classtype:trojan-activity;sid:83920508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057409)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057409/; classtype:trojan-activity;sid:83920509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057410)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057410/; classtype:trojan-activity;sid:83920510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057411)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057411/; classtype:trojan-activity;sid:83920511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057412)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057412/; classtype:trojan-activity;sid:83920512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057413)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057413/; classtype:trojan-activity;sid:83920513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057414)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057414/; classtype:trojan-activity;sid:83920514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057415)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057415/; classtype:trojan-activity;sid:83920515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057416)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057416/; classtype:trojan-activity;sid:83920516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057417)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057417/; classtype:trojan-activity;sid:83920517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057418)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057418/; classtype:trojan-activity;sid:83920518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057419)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057419/; classtype:trojan-activity;sid:83920519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057420)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057420/; classtype:trojan-activity;sid:83920520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057421)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057421/; classtype:trojan-activity;sid:83920521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057391)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057391/; classtype:trojan-activity;sid:83920491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057392)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057392/; classtype:trojan-activity;sid:83920492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057393)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057393/; classtype:trojan-activity;sid:83920493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057394)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057394/; classtype:trojan-activity;sid:83920494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057395)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057395/; classtype:trojan-activity;sid:83920495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057396)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057396/; classtype:trojan-activity;sid:83920496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057397)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057397/; classtype:trojan-activity;sid:83920497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057398)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057398/; classtype:trojan-activity;sid:83920498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057399)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057399/; classtype:trojan-activity;sid:83920499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057400)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057400/; classtype:trojan-activity;sid:83920500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057401)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057401/; classtype:trojan-activity;sid:83920501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057402)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057402/; classtype:trojan-activity;sid:83920502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057403)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057403/; classtype:trojan-activity;sid:83920503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057404)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057404/; classtype:trojan-activity;sid:83920504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057405)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057405/; classtype:trojan-activity;sid:83920505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057406)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057406/; classtype:trojan-activity;sid:83920506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057407)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057407/; classtype:trojan-activity;sid:83920507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057370)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057370/; classtype:trojan-activity;sid:83920470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057371)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057371/; classtype:trojan-activity;sid:83920471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057372)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057372/; classtype:trojan-activity;sid:83920472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057373)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057373/; classtype:trojan-activity;sid:83920473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057374)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057374/; classtype:trojan-activity;sid:83920474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057375)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057375/; classtype:trojan-activity;sid:83920475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057376)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057376/; classtype:trojan-activity;sid:83920476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057377)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057377/; classtype:trojan-activity;sid:83920477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057378)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057378/; classtype:trojan-activity;sid:83920478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057379)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057379/; classtype:trojan-activity;sid:83920479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057380)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057380/; classtype:trojan-activity;sid:83920480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057381)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057381/; classtype:trojan-activity;sid:83920481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057382)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057382/; classtype:trojan-activity;sid:83920482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057383)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057383/; classtype:trojan-activity;sid:83920483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057384)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057384/; classtype:trojan-activity;sid:83920484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057385)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057385/; classtype:trojan-activity;sid:83920485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057386)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057386/; classtype:trojan-activity;sid:83920486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057387)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057387/; classtype:trojan-activity;sid:83920487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057388)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057388/; classtype:trojan-activity;sid:83920488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057389)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057389/; classtype:trojan-activity;sid:83920489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057390)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057390/; classtype:trojan-activity;sid:83920490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057365)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057365/; classtype:trojan-activity;sid:83920465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057366)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057366/; classtype:trojan-activity;sid:83920466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057367)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057367/; classtype:trojan-activity;sid:83920467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057368)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057368/; classtype:trojan-activity;sid:83920468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057369)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057369/; classtype:trojan-activity;sid:83920469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057332)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057332/; classtype:trojan-activity;sid:83920432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057333)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057333/; classtype:trojan-activity;sid:83920433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057334)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057334/; classtype:trojan-activity;sid:83920434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057335)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057335/; classtype:trojan-activity;sid:83920435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057336)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057336/; classtype:trojan-activity;sid:83920436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057337)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057337/; classtype:trojan-activity;sid:83920437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057338)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057338/; classtype:trojan-activity;sid:83920438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057339)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057339/; classtype:trojan-activity;sid:83920439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057340)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057340/; classtype:trojan-activity;sid:83920440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057341)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057341/; classtype:trojan-activity;sid:83920441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057342)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057342/; classtype:trojan-activity;sid:83920442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057343)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057343/; classtype:trojan-activity;sid:83920443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057344)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057344/; classtype:trojan-activity;sid:83920444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057345)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057345/; classtype:trojan-activity;sid:83920445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057346)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057346/; classtype:trojan-activity;sid:83920446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057347)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057347/; classtype:trojan-activity;sid:83920447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057348)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057348/; classtype:trojan-activity;sid:83920448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057349)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057349/; classtype:trojan-activity;sid:83920449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057350)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057350/; classtype:trojan-activity;sid:83920450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057351)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057351/; classtype:trojan-activity;sid:83920451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057352)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057352/; classtype:trojan-activity;sid:83920452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057353)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057353/; classtype:trojan-activity;sid:83920453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057354)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057354/; classtype:trojan-activity;sid:83920454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057355)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057355/; classtype:trojan-activity;sid:83920455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057356)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057356/; classtype:trojan-activity;sid:83920456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057357)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057357/; classtype:trojan-activity;sid:83920457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057358)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057358/; classtype:trojan-activity;sid:83920458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057359)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057359/; classtype:trojan-activity;sid:83920459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057360)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057360/; classtype:trojan-activity;sid:83920460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057361)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057361/; classtype:trojan-activity;sid:83920461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057362)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057362/; classtype:trojan-activity;sid:83920462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057363)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057363/; classtype:trojan-activity;sid:83920463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057364)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057364/; classtype:trojan-activity;sid:83920464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057325)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057325/; classtype:trojan-activity;sid:83920425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057326)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057326/; classtype:trojan-activity;sid:83920426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057327)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057327/; classtype:trojan-activity;sid:83920427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057328)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057328/; classtype:trojan-activity;sid:83920428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057329)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057329/; classtype:trojan-activity;sid:83920429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057330)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057330/; classtype:trojan-activity;sid:83920430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057331)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057331/; classtype:trojan-activity;sid:83920431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057289)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057289/; classtype:trojan-activity;sid:83920389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057290)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057290/; classtype:trojan-activity;sid:83920390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057291)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057291/; classtype:trojan-activity;sid:83920391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057292)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057292/; classtype:trojan-activity;sid:83920392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057293)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057293/; classtype:trojan-activity;sid:83920393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057294)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057294/; classtype:trojan-activity;sid:83920394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057295)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057295/; classtype:trojan-activity;sid:83920395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057296)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057296/; classtype:trojan-activity;sid:83920396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057297)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057297/; classtype:trojan-activity;sid:83920397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057298)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057298/; classtype:trojan-activity;sid:83920398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057299)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057299/; classtype:trojan-activity;sid:83920399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057300)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057300/; classtype:trojan-activity;sid:83920400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057301)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057301/; classtype:trojan-activity;sid:83920401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057302)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057302/; classtype:trojan-activity;sid:83920402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057303)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057303/; classtype:trojan-activity;sid:83920403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057304)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057304/; classtype:trojan-activity;sid:83920404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057305)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057305/; classtype:trojan-activity;sid:83920405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057306)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057306/; classtype:trojan-activity;sid:83920406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057307)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057307/; classtype:trojan-activity;sid:83920407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057308)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057308/; classtype:trojan-activity;sid:83920408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057309)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057309/; classtype:trojan-activity;sid:83920409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057310)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057310/; classtype:trojan-activity;sid:83920410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057311)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057311/; classtype:trojan-activity;sid:83920411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057312)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057312/; classtype:trojan-activity;sid:83920412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057313)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057313/; classtype:trojan-activity;sid:83920413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057314)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057314/; classtype:trojan-activity;sid:83920414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057315)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057315/; classtype:trojan-activity;sid:83920415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057316)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057316/; classtype:trojan-activity;sid:83920416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057317)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057317/; classtype:trojan-activity;sid:83920417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057318)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057318/; classtype:trojan-activity;sid:83920418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057319)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057319/; classtype:trojan-activity;sid:83920419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057320)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057320/; classtype:trojan-activity;sid:83920420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057321)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057321/; classtype:trojan-activity;sid:83920421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057322)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057322/; classtype:trojan-activity;sid:83920422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057323)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057323/; classtype:trojan-activity;sid:83920423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057324)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057324/; classtype:trojan-activity;sid:83920424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057285)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057285/; classtype:trojan-activity;sid:83920385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057286)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057286/; classtype:trojan-activity;sid:83920386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057287)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057287/; classtype:trojan-activity;sid:83920387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057288)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057288/; classtype:trojan-activity;sid:83920388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057270)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057270/; classtype:trojan-activity;sid:83920370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057271)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057271/; classtype:trojan-activity;sid:83920371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057272)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057272/; classtype:trojan-activity;sid:83920372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057273)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057273/; classtype:trojan-activity;sid:83920373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057274)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057274/; classtype:trojan-activity;sid:83920374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057275)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057275/; classtype:trojan-activity;sid:83920375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057276)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057276/; classtype:trojan-activity;sid:83920376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057277)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057277/; classtype:trojan-activity;sid:83920377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057278)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057278/; classtype:trojan-activity;sid:83920378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057279)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057279/; classtype:trojan-activity;sid:83920379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057280)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057280/; classtype:trojan-activity;sid:83920380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057281)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057281/; classtype:trojan-activity;sid:83920381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057282)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057282/; classtype:trojan-activity;sid:83920382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057283)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057283/; classtype:trojan-activity;sid:83920383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057284)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057284/; classtype:trojan-activity;sid:83920384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057250)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057250/; classtype:trojan-activity;sid:83920350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057251)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057251/; classtype:trojan-activity;sid:83920351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057252)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057252/; classtype:trojan-activity;sid:83920352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057253)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057253/; classtype:trojan-activity;sid:83920353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057254)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057254/; classtype:trojan-activity;sid:83920354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057255)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057255/; classtype:trojan-activity;sid:83920355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057256)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057256/; classtype:trojan-activity;sid:83920356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057257)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057257/; classtype:trojan-activity;sid:83920357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057258)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057258/; classtype:trojan-activity;sid:83920358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057259)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057259/; classtype:trojan-activity;sid:83920359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057260)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057260/; classtype:trojan-activity;sid:83920360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057261)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057261/; classtype:trojan-activity;sid:83920361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057262)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057262/; classtype:trojan-activity;sid:83920362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057263)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057263/; classtype:trojan-activity;sid:83920363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057264)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057264/; classtype:trojan-activity;sid:83920364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057265)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057265/; classtype:trojan-activity;sid:83920365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057266)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057266/; classtype:trojan-activity;sid:83920366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057267)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057267/; classtype:trojan-activity;sid:83920367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057268)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057268/; classtype:trojan-activity;sid:83920368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057269)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057269/; classtype:trojan-activity;sid:83920369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057248)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057248/; classtype:trojan-activity;sid:83920348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057249)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057249/; classtype:trojan-activity;sid:83920349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057225)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057225/; classtype:trojan-activity;sid:83920325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057226)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057226/; classtype:trojan-activity;sid:83920326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057227)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057227/; classtype:trojan-activity;sid:83920327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057228)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057228/; classtype:trojan-activity;sid:83920328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057229)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057229/; classtype:trojan-activity;sid:83920329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057230)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057230/; classtype:trojan-activity;sid:83920330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057231)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057231/; classtype:trojan-activity;sid:83920331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057232)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057232/; classtype:trojan-activity;sid:83920332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057233)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057233/; classtype:trojan-activity;sid:83920333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057234)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057234/; classtype:trojan-activity;sid:83920334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057235)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057235/; classtype:trojan-activity;sid:83920335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057236)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057236/; classtype:trojan-activity;sid:83920336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057237)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057237/; classtype:trojan-activity;sid:83920337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057238)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057238/; classtype:trojan-activity;sid:83920338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057239)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057239/; classtype:trojan-activity;sid:83920339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057240)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057240/; classtype:trojan-activity;sid:83920340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057241)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057241/; classtype:trojan-activity;sid:83920341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057242)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057242/; classtype:trojan-activity;sid:83920342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057243)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057243/; classtype:trojan-activity;sid:83920343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057244)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057244/; classtype:trojan-activity;sid:83920344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057245)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057245/; classtype:trojan-activity;sid:83920345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057246)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057246/; classtype:trojan-activity;sid:83920346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057247)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057247/; classtype:trojan-activity;sid:83920347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057210)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057210/; classtype:trojan-activity;sid:83920310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057211)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057211/; classtype:trojan-activity;sid:83920311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057212)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057212/; classtype:trojan-activity;sid:83920312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057213)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057213/; classtype:trojan-activity;sid:83920313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057214)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057214/; classtype:trojan-activity;sid:83920314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057215)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057215/; classtype:trojan-activity;sid:83920315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057216)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057216/; classtype:trojan-activity;sid:83920316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057217)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057217/; classtype:trojan-activity;sid:83920317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057218)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057218/; classtype:trojan-activity;sid:83920318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057219)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057219/; classtype:trojan-activity;sid:83920319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057220)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057220/; classtype:trojan-activity;sid:83920320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057221)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057221/; classtype:trojan-activity;sid:83920321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057222)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057222/; classtype:trojan-activity;sid:83920322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057223)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057223/; classtype:trojan-activity;sid:83920323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057224)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057224/; classtype:trojan-activity;sid:83920324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057205)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057205/; classtype:trojan-activity;sid:83920305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057206)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057206/; classtype:trojan-activity;sid:83920306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057207)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057207/; classtype:trojan-activity;sid:83920307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057208)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057208/; classtype:trojan-activity;sid:83920308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057209)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057209/; classtype:trojan-activity;sid:83920309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057199)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057199/; classtype:trojan-activity;sid:83920299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057200)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057200/; classtype:trojan-activity;sid:83920300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057201)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057201/; classtype:trojan-activity;sid:83920301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057202)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057202/; classtype:trojan-activity;sid:83920302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057203)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057203/; classtype:trojan-activity;sid:83920303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057204)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057204/; classtype:trojan-activity;sid:83920304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057185)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057185/; classtype:trojan-activity;sid:83920285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057186)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057186/; classtype:trojan-activity;sid:83920286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057187)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057187/; classtype:trojan-activity;sid:83920287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057188)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057188/; classtype:trojan-activity;sid:83920288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057189)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057189/; classtype:trojan-activity;sid:83920289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057190)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057190/; classtype:trojan-activity;sid:83920290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057191)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057191/; classtype:trojan-activity;sid:83920291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057192)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057192/; classtype:trojan-activity;sid:83920292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057193)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057193/; classtype:trojan-activity;sid:83920293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057194)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057194/; classtype:trojan-activity;sid:83920294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057195)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057195/; classtype:trojan-activity;sid:83920295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057196)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057196/; classtype:trojan-activity;sid:83920296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057197)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057197/; classtype:trojan-activity;sid:83920297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057198)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057198/; classtype:trojan-activity;sid:83920298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057159)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057159/; classtype:trojan-activity;sid:83920259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057160)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057160/; classtype:trojan-activity;sid:83920260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057161)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057161/; classtype:trojan-activity;sid:83920261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057162)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057162/; classtype:trojan-activity;sid:83920262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057163)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057163/; classtype:trojan-activity;sid:83920263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057164)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057164/; classtype:trojan-activity;sid:83920264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057165)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057165/; classtype:trojan-activity;sid:83920265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057166)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057166/; classtype:trojan-activity;sid:83920266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057167)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057167/; classtype:trojan-activity;sid:83920267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057168)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057168/; classtype:trojan-activity;sid:83920268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057169)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057169/; classtype:trojan-activity;sid:83920269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057170)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057170/; classtype:trojan-activity;sid:83920270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057171)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057171/; classtype:trojan-activity;sid:83920271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057172)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057172/; classtype:trojan-activity;sid:83920272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057173)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057173/; classtype:trojan-activity;sid:83920273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057174)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057174/; classtype:trojan-activity;sid:83920274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057175)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057175/; classtype:trojan-activity;sid:83920275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057176)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057176/; classtype:trojan-activity;sid:83920276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057177)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057177/; classtype:trojan-activity;sid:83920277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057178)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057178/; classtype:trojan-activity;sid:83920278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057179)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057179/; classtype:trojan-activity;sid:83920279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057180)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057180/; classtype:trojan-activity;sid:83920280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057181)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057181/; classtype:trojan-activity;sid:83920281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057182)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057182/; classtype:trojan-activity;sid:83920282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057183)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057183/; classtype:trojan-activity;sid:83920283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057184)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057184/; classtype:trojan-activity;sid:83920284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057156)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057156/; classtype:trojan-activity;sid:83920256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057157)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057157/; classtype:trojan-activity;sid:83920257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057158)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057158/; classtype:trojan-activity;sid:83920258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057138)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057138/; classtype:trojan-activity;sid:83920238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057139)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057139/; classtype:trojan-activity;sid:83920239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057140)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057140/; classtype:trojan-activity;sid:83920240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057141)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057141/; classtype:trojan-activity;sid:83920241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057142)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057142/; classtype:trojan-activity;sid:83920242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057143)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057143/; classtype:trojan-activity;sid:83920243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057144)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057144/; classtype:trojan-activity;sid:83920244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057145)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057145/; classtype:trojan-activity;sid:83920245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057146)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057146/; classtype:trojan-activity;sid:83920246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057147)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057147/; classtype:trojan-activity;sid:83920247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057148)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057148/; classtype:trojan-activity;sid:83920248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057149)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057149/; classtype:trojan-activity;sid:83920249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057150)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057150/; classtype:trojan-activity;sid:83920250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057151)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057151/; classtype:trojan-activity;sid:83920251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057152)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057152/; classtype:trojan-activity;sid:83920252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057153)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057153/; classtype:trojan-activity;sid:83920253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057154)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057154/; classtype:trojan-activity;sid:83920254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057155)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057155/; classtype:trojan-activity;sid:83920255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057116)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057116/; classtype:trojan-activity;sid:83920216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057117)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057117/; classtype:trojan-activity;sid:83920217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057118)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057118/; classtype:trojan-activity;sid:83920218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057119)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057119/; classtype:trojan-activity;sid:83920219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057120)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057120/; classtype:trojan-activity;sid:83920220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057121)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057121/; classtype:trojan-activity;sid:83920221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057122)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057122/; classtype:trojan-activity;sid:83920222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057123)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057123/; classtype:trojan-activity;sid:83920223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057124)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057124/; classtype:trojan-activity;sid:83920224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057125)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057125/; classtype:trojan-activity;sid:83920225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057126)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057126/; classtype:trojan-activity;sid:83920226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057127)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057127/; classtype:trojan-activity;sid:83920227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057128)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057128/; classtype:trojan-activity;sid:83920228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057129)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057129/; classtype:trojan-activity;sid:83920229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057130)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057130/; classtype:trojan-activity;sid:83920230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057131)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057131/; classtype:trojan-activity;sid:83920231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057132)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057132/; classtype:trojan-activity;sid:83920232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057133)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057133/; classtype:trojan-activity;sid:83920233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057134)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057134/; classtype:trojan-activity;sid:83920234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057135)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057135/; classtype:trojan-activity;sid:83920235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057136)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057136/; classtype:trojan-activity;sid:83920236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057137)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057137/; classtype:trojan-activity;sid:83920237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057115)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057115/; classtype:trojan-activity;sid:83920215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057095)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057095/; classtype:trojan-activity;sid:83920195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057096)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057096/; classtype:trojan-activity;sid:83920196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057097)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057097/; classtype:trojan-activity;sid:83920197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057098)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057098/; classtype:trojan-activity;sid:83920198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057099)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057099/; classtype:trojan-activity;sid:83920199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057100)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057100/; classtype:trojan-activity;sid:83920200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057101)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057101/; classtype:trojan-activity;sid:83920201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057102)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057102/; classtype:trojan-activity;sid:83920202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057103)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057103/; classtype:trojan-activity;sid:83920203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057104)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057104/; classtype:trojan-activity;sid:83920204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057105)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057105/; classtype:trojan-activity;sid:83920205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057106)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057106/; classtype:trojan-activity;sid:83920206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057107)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057107/; classtype:trojan-activity;sid:83920207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057108)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057108/; classtype:trojan-activity;sid:83920208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057109)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057109/; classtype:trojan-activity;sid:83920209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057110)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057110/; classtype:trojan-activity;sid:83920210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057111)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057111/; classtype:trojan-activity;sid:83920211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057112)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057112/; classtype:trojan-activity;sid:83920212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057113)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057113/; classtype:trojan-activity;sid:83920213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057114)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057114/; classtype:trojan-activity;sid:83920214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057077)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057077/; classtype:trojan-activity;sid:83920177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057078)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057078/; classtype:trojan-activity;sid:83920178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057079)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057079/; classtype:trojan-activity;sid:83920179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057080)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057080/; classtype:trojan-activity;sid:83920180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057081)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057081/; classtype:trojan-activity;sid:83920181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057082)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057082/; classtype:trojan-activity;sid:83920182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057083)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057083/; classtype:trojan-activity;sid:83920183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057084)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057084/; classtype:trojan-activity;sid:83920184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057085)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057085/; classtype:trojan-activity;sid:83920185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057086)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057086/; classtype:trojan-activity;sid:83920186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057087)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057087/; classtype:trojan-activity;sid:83920187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057088)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057088/; classtype:trojan-activity;sid:83920188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057089)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057089/; classtype:trojan-activity;sid:83920189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057090)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057090/; classtype:trojan-activity;sid:83920190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057091)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057091/; classtype:trojan-activity;sid:83920191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057092)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057092/; classtype:trojan-activity;sid:83920192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057093)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057093/; classtype:trojan-activity;sid:83920193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057094)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057094/; classtype:trojan-activity;sid:83920194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057069)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057069/; classtype:trojan-activity;sid:83920169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057070)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057070/; classtype:trojan-activity;sid:83920170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057071)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057071/; classtype:trojan-activity;sid:83920171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057072)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057072/; classtype:trojan-activity;sid:83920172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057073)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057073/; classtype:trojan-activity;sid:83920173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057074)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057074/; classtype:trojan-activity;sid:83920174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057075)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057075/; classtype:trojan-activity;sid:83920175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057076)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057076/; classtype:trojan-activity;sid:83920176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057043)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057043/; classtype:trojan-activity;sid:83920143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057044)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057044/; classtype:trojan-activity;sid:83920144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057045)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057045/; classtype:trojan-activity;sid:83920145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057046)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057046/; classtype:trojan-activity;sid:83920146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057047)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057047/; classtype:trojan-activity;sid:83920147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057048)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057048/; classtype:trojan-activity;sid:83920148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057049)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057049/; classtype:trojan-activity;sid:83920149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057050)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057050/; classtype:trojan-activity;sid:83920150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057051)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057051/; classtype:trojan-activity;sid:83920151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057052)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057052/; classtype:trojan-activity;sid:83920152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057053)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057053/; classtype:trojan-activity;sid:83920153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057054)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057054/; classtype:trojan-activity;sid:83920154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057055)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057055/; classtype:trojan-activity;sid:83920155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057056)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057056/; classtype:trojan-activity;sid:83920156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057057)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057057/; classtype:trojan-activity;sid:83920157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057058)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057058/; classtype:trojan-activity;sid:83920158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057059)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057059/; classtype:trojan-activity;sid:83920159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057060)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057060/; classtype:trojan-activity;sid:83920160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057061)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057061/; classtype:trojan-activity;sid:83920161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057062)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057062/; classtype:trojan-activity;sid:83920162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057063)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057063/; classtype:trojan-activity;sid:83920163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057064)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057064/; classtype:trojan-activity;sid:83920164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057065)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057065/; classtype:trojan-activity;sid:83920165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057066)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057066/; classtype:trojan-activity;sid:83920166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057067)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057067/; classtype:trojan-activity;sid:83920167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057068)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057068/; classtype:trojan-activity;sid:83920168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057025)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057025/; classtype:trojan-activity;sid:83920125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057026)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057026/; classtype:trojan-activity;sid:83920126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057027)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057027/; classtype:trojan-activity;sid:83920127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057028)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057028/; classtype:trojan-activity;sid:83920128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057029)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057029/; classtype:trojan-activity;sid:83920129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057030)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057030/; classtype:trojan-activity;sid:83920130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057031)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057031/; classtype:trojan-activity;sid:83920131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057032)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057032/; classtype:trojan-activity;sid:83920132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057033)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057033/; classtype:trojan-activity;sid:83920133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057034)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057034/; classtype:trojan-activity;sid:83920134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057035)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057035/; classtype:trojan-activity;sid:83920135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057036)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057036/; classtype:trojan-activity;sid:83920136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057037)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057037/; classtype:trojan-activity;sid:83920137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057038)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057038/; classtype:trojan-activity;sid:83920138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057039)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057039/; classtype:trojan-activity;sid:83920139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057040)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057040/; classtype:trojan-activity;sid:83920140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057041)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057041/; classtype:trojan-activity;sid:83920141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057042)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057042/; classtype:trojan-activity;sid:83920142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057003)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057003/; classtype:trojan-activity;sid:83920103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057004)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057004/; classtype:trojan-activity;sid:83920104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057005)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057005/; classtype:trojan-activity;sid:83920105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057006)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057006/; classtype:trojan-activity;sid:83920106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057007)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057007/; classtype:trojan-activity;sid:83920107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057008)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057008/; classtype:trojan-activity;sid:83920108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057009)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057009/; classtype:trojan-activity;sid:83920109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057010)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057010/; classtype:trojan-activity;sid:83920110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057011)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057011/; classtype:trojan-activity;sid:83920111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057012)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057012/; classtype:trojan-activity;sid:83920112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057013)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057013/; classtype:trojan-activity;sid:83920113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057014)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057014/; classtype:trojan-activity;sid:83920114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057015)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057015/; classtype:trojan-activity;sid:83920115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057016)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057016/; classtype:trojan-activity;sid:83920116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057017)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057017/; classtype:trojan-activity;sid:83920117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057018)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057018/; classtype:trojan-activity;sid:83920118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057019)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057019/; classtype:trojan-activity;sid:83920119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057020)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057020/; classtype:trojan-activity;sid:83920120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057021)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057021/; classtype:trojan-activity;sid:83920121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057022)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057022/; classtype:trojan-activity;sid:83920122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057023)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057023/; classtype:trojan-activity;sid:83920123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057024)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057024/; classtype:trojan-activity;sid:83920124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056983)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056983/; classtype:trojan-activity;sid:83920083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056984)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056984/; classtype:trojan-activity;sid:83920084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056985)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056985/; classtype:trojan-activity;sid:83920085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056986)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056986/; classtype:trojan-activity;sid:83920086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056987)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056987/; classtype:trojan-activity;sid:83920087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056988)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056988/; classtype:trojan-activity;sid:83920088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056989)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056989/; classtype:trojan-activity;sid:83920089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056990)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056990/; classtype:trojan-activity;sid:83920090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056991)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056991/; classtype:trojan-activity;sid:83920091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056992)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056992/; classtype:trojan-activity;sid:83920092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056993)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056993/; classtype:trojan-activity;sid:83920093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056994)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056994/; classtype:trojan-activity;sid:83920094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056995)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056995/; classtype:trojan-activity;sid:83920095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056996)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056996/; classtype:trojan-activity;sid:83920096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056997)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056997/; classtype:trojan-activity;sid:83920097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056998)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056998/; classtype:trojan-activity;sid:83920098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056999)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056999/; classtype:trojan-activity;sid:83920099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057000)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057000/; classtype:trojan-activity;sid:83920100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057001)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057001/; classtype:trojan-activity;sid:83920101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3057002)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3057002/; classtype:trojan-activity;sid:83920102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056963)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056963/; classtype:trojan-activity;sid:83920063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056964)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056964/; classtype:trojan-activity;sid:83920064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056965)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056965/; classtype:trojan-activity;sid:83920065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056966)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056966/; classtype:trojan-activity;sid:83920066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056967)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056967/; classtype:trojan-activity;sid:83920067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056968)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056968/; classtype:trojan-activity;sid:83920068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056969)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056969/; classtype:trojan-activity;sid:83920069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056970)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056970/; classtype:trojan-activity;sid:83920070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056971)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056971/; classtype:trojan-activity;sid:83920071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056972)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056972/; classtype:trojan-activity;sid:83920072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056973)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056973/; classtype:trojan-activity;sid:83920073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056974)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056974/; classtype:trojan-activity;sid:83920074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056975)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056975/; classtype:trojan-activity;sid:83920075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056976)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056976/; classtype:trojan-activity;sid:83920076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056977)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056977/; classtype:trojan-activity;sid:83920077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056978)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056978/; classtype:trojan-activity;sid:83920078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056979)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056979/; classtype:trojan-activity;sid:83920079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056980)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056980/; classtype:trojan-activity;sid:83920080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056981)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056981/; classtype:trojan-activity;sid:83920081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056982)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056982/; classtype:trojan-activity;sid:83920082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056941)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056941/; classtype:trojan-activity;sid:83920041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056942)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056942/; classtype:trojan-activity;sid:83920042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056943)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056943/; classtype:trojan-activity;sid:83920043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056944)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056944/; classtype:trojan-activity;sid:83920044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056945)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056945/; classtype:trojan-activity;sid:83920045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056946)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056946/; classtype:trojan-activity;sid:83920046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056947)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056947/; classtype:trojan-activity;sid:83920047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056948)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056948/; classtype:trojan-activity;sid:83920048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056949)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056949/; classtype:trojan-activity;sid:83920049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056950)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056950/; classtype:trojan-activity;sid:83920050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056951)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056951/; classtype:trojan-activity;sid:83920051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056952)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056952/; classtype:trojan-activity;sid:83920052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056953)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056953/; classtype:trojan-activity;sid:83920053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056954)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056954/; classtype:trojan-activity;sid:83920054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056955)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056955/; classtype:trojan-activity;sid:83920055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056956)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056956/; classtype:trojan-activity;sid:83920056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056957)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056957/; classtype:trojan-activity;sid:83920057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056958)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056958/; classtype:trojan-activity;sid:83920058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056959)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056959/; classtype:trojan-activity;sid:83920059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056960)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056960/; classtype:trojan-activity;sid:83920060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056961)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056961/; classtype:trojan-activity;sid:83920061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056962)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056962/; classtype:trojan-activity;sid:83920062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056917)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056917/; classtype:trojan-activity;sid:83920017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056918)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056918/; classtype:trojan-activity;sid:83920018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056919)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056919/; classtype:trojan-activity;sid:83920019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056920)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056920/; classtype:trojan-activity;sid:83920020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056921)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056921/; classtype:trojan-activity;sid:83920021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056922)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056922/; classtype:trojan-activity;sid:83920022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056923)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056923/; classtype:trojan-activity;sid:83920023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056924)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056924/; classtype:trojan-activity;sid:83920024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056925)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056925/; classtype:trojan-activity;sid:83920025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056926)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056926/; classtype:trojan-activity;sid:83920026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056927)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056927/; classtype:trojan-activity;sid:83920027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056928)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056928/; classtype:trojan-activity;sid:83920028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056929)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056929/; classtype:trojan-activity;sid:83920029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056930)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056930/; classtype:trojan-activity;sid:83920030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056931)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056931/; classtype:trojan-activity;sid:83920031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056932)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056932/; classtype:trojan-activity;sid:83920032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056933)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056933/; classtype:trojan-activity;sid:83920033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056934)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056934/; classtype:trojan-activity;sid:83920034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056935)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056935/; classtype:trojan-activity;sid:83920035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056936)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056936/; classtype:trojan-activity;sid:83920036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056937)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056937/; classtype:trojan-activity;sid:83920037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056938)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056938/; classtype:trojan-activity;sid:83920038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056939)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056939/; classtype:trojan-activity;sid:83920039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056940)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056940/; classtype:trojan-activity;sid:83920040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056896)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056896/; classtype:trojan-activity;sid:83919996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056897)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056897/; classtype:trojan-activity;sid:83919997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056898)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056898/; classtype:trojan-activity;sid:83919998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056899)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056899/; classtype:trojan-activity;sid:83919999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056900)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056900/; classtype:trojan-activity;sid:83920000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056901)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056901/; classtype:trojan-activity;sid:83920001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056902)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056902/; classtype:trojan-activity;sid:83920002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056903)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056903/; classtype:trojan-activity;sid:83920003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056904)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056904/; classtype:trojan-activity;sid:83920004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056905)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056905/; classtype:trojan-activity;sid:83920005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056906)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056906/; classtype:trojan-activity;sid:83920006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056907)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056907/; classtype:trojan-activity;sid:83920007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056908)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056908/; classtype:trojan-activity;sid:83920008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056909)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056909/; classtype:trojan-activity;sid:83920009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056910)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056910/; classtype:trojan-activity;sid:83920010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056911)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056911/; classtype:trojan-activity;sid:83920011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056912)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056912/; classtype:trojan-activity;sid:83920012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056913)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056913/; classtype:trojan-activity;sid:83920013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056914)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056914/; classtype:trojan-activity;sid:83920014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056915)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056915/; classtype:trojan-activity;sid:83920015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056916)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056916/; classtype:trojan-activity;sid:83920016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056877)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056877/; classtype:trojan-activity;sid:83919977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056878)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056878/; classtype:trojan-activity;sid:83919978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056879)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056879/; classtype:trojan-activity;sid:83919979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056880)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056880/; classtype:trojan-activity;sid:83919980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056881)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056881/; classtype:trojan-activity;sid:83919981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056882)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056882/; classtype:trojan-activity;sid:83919982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056883)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056883/; classtype:trojan-activity;sid:83919983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056884)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056884/; classtype:trojan-activity;sid:83919984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056885)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056885/; classtype:trojan-activity;sid:83919985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056886)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056886/; classtype:trojan-activity;sid:83919986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056887)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056887/; classtype:trojan-activity;sid:83919987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056888)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056888/; classtype:trojan-activity;sid:83919988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056889)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056889/; classtype:trojan-activity;sid:83919989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056890)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056890/; classtype:trojan-activity;sid:83919990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056891)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056891/; classtype:trojan-activity;sid:83919991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056892)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056892/; classtype:trojan-activity;sid:83919992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056893)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056893/; classtype:trojan-activity;sid:83919993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056894)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056894/; classtype:trojan-activity;sid:83919994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056895)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056895/; classtype:trojan-activity;sid:83919995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056852)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056852/; classtype:trojan-activity;sid:83919952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056853)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056853/; classtype:trojan-activity;sid:83919953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056854)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056854/; classtype:trojan-activity;sid:83919954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056855)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056855/; classtype:trojan-activity;sid:83919955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056856)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056856/; classtype:trojan-activity;sid:83919956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056857)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056857/; classtype:trojan-activity;sid:83919957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056858)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056858/; classtype:trojan-activity;sid:83919958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056859)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056859/; classtype:trojan-activity;sid:83919959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056860)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056860/; classtype:trojan-activity;sid:83919960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056861)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056861/; classtype:trojan-activity;sid:83919961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056862)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056862/; classtype:trojan-activity;sid:83919962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056863)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056863/; classtype:trojan-activity;sid:83919963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056864)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056864/; classtype:trojan-activity;sid:83919964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056865)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056865/; classtype:trojan-activity;sid:83919965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056866)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056866/; classtype:trojan-activity;sid:83919966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056867)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056867/; classtype:trojan-activity;sid:83919967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056868)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056868/; classtype:trojan-activity;sid:83919968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056869)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056869/; classtype:trojan-activity;sid:83919969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056870)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056870/; classtype:trojan-activity;sid:83919970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056871)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056871/; classtype:trojan-activity;sid:83919971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056872)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056872/; classtype:trojan-activity;sid:83919972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056873)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056873/; classtype:trojan-activity;sid:83919973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056874)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056874/; classtype:trojan-activity;sid:83919974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056875)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056875/; classtype:trojan-activity;sid:83919975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056876)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056876/; classtype:trojan-activity;sid:83919976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056837)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056837/; classtype:trojan-activity;sid:83919937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056838)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056838/; classtype:trojan-activity;sid:83919938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056839)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056839/; classtype:trojan-activity;sid:83919939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056840)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056840/; classtype:trojan-activity;sid:83919940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056841)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056841/; classtype:trojan-activity;sid:83919941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056842)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056842/; classtype:trojan-activity;sid:83919942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056843)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056843/; classtype:trojan-activity;sid:83919943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056844)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056844/; classtype:trojan-activity;sid:83919944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056845)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056845/; classtype:trojan-activity;sid:83919945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056846)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056846/; classtype:trojan-activity;sid:83919946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056847)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056847/; classtype:trojan-activity;sid:83919947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056848)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056848/; classtype:trojan-activity;sid:83919948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056849)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056849/; classtype:trojan-activity;sid:83919949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056850)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056850/; classtype:trojan-activity;sid:83919950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056851)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056851/; classtype:trojan-activity;sid:83919951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056808)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056808/; classtype:trojan-activity;sid:83919908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056809)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056809/; classtype:trojan-activity;sid:83919909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056810)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056810/; classtype:trojan-activity;sid:83919910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056811)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056811/; classtype:trojan-activity;sid:83919911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056812)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056812/; classtype:trojan-activity;sid:83919912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056813)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056813/; classtype:trojan-activity;sid:83919913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056814)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056814/; classtype:trojan-activity;sid:83919914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056815)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056815/; classtype:trojan-activity;sid:83919915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056816)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056816/; classtype:trojan-activity;sid:83919916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056817)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056817/; classtype:trojan-activity;sid:83919917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056818)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056818/; classtype:trojan-activity;sid:83919918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056819)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056819/; classtype:trojan-activity;sid:83919919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056820)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056820/; classtype:trojan-activity;sid:83919920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056821)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056821/; classtype:trojan-activity;sid:83919921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056822)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056822/; classtype:trojan-activity;sid:83919922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056823/; classtype:trojan-activity;sid:83919923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056824)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056824/; classtype:trojan-activity;sid:83919924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056825)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056825/; classtype:trojan-activity;sid:83919925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056826)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056826/; classtype:trojan-activity;sid:83919926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056827)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056827/; classtype:trojan-activity;sid:83919927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056828)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056828/; classtype:trojan-activity;sid:83919928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056829)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056829/; classtype:trojan-activity;sid:83919929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056830)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056830/; classtype:trojan-activity;sid:83919930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056831)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056831/; classtype:trojan-activity;sid:83919931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056832)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056832/; classtype:trojan-activity;sid:83919932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056833)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056833/; classtype:trojan-activity;sid:83919933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056834)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056834/; classtype:trojan-activity;sid:83919934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056835)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056835/; classtype:trojan-activity;sid:83919935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056836)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056836/; classtype:trojan-activity;sid:83919936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056783)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056783/; classtype:trojan-activity;sid:83919883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056784)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056784/; classtype:trojan-activity;sid:83919884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056785)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056785/; classtype:trojan-activity;sid:83919885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056786)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056786/; classtype:trojan-activity;sid:83919886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056787)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056787/; classtype:trojan-activity;sid:83919887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056788)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056788/; classtype:trojan-activity;sid:83919888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056789)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056789/; classtype:trojan-activity;sid:83919889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056790)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056790/; classtype:trojan-activity;sid:83919890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056791)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056791/; classtype:trojan-activity;sid:83919891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056792)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056792/; classtype:trojan-activity;sid:83919892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056793)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056793/; classtype:trojan-activity;sid:83919893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056794)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056794/; classtype:trojan-activity;sid:83919894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056795)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056795/; classtype:trojan-activity;sid:83919895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056796)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056796/; classtype:trojan-activity;sid:83919896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056797)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056797/; classtype:trojan-activity;sid:83919897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056798)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056798/; classtype:trojan-activity;sid:83919898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056799)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056799/; classtype:trojan-activity;sid:83919899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056800)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056800/; classtype:trojan-activity;sid:83919900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056801)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056801/; classtype:trojan-activity;sid:83919901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056802)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056802/; classtype:trojan-activity;sid:83919902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056803)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056803/; classtype:trojan-activity;sid:83919903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056804)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056804/; classtype:trojan-activity;sid:83919904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056805)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056805/; classtype:trojan-activity;sid:83919905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056806)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056806/; classtype:trojan-activity;sid:83919906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056807)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056807/; classtype:trojan-activity;sid:83919907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056763)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056763/; classtype:trojan-activity;sid:83919863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056764)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056764/; classtype:trojan-activity;sid:83919864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056765)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056765/; classtype:trojan-activity;sid:83919865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056766)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056766/; classtype:trojan-activity;sid:83919866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056767)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056767/; classtype:trojan-activity;sid:83919867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056768)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056768/; classtype:trojan-activity;sid:83919868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056769)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056769/; classtype:trojan-activity;sid:83919869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056770)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056770/; classtype:trojan-activity;sid:83919870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056771)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056771/; classtype:trojan-activity;sid:83919871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056772)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056772/; classtype:trojan-activity;sid:83919872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056773)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056773/; classtype:trojan-activity;sid:83919873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056774)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056774/; classtype:trojan-activity;sid:83919874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056775)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056775/; classtype:trojan-activity;sid:83919875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056776)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056776/; classtype:trojan-activity;sid:83919876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056777)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056777/; classtype:trojan-activity;sid:83919877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056778)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056778/; classtype:trojan-activity;sid:83919878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056779)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056779/; classtype:trojan-activity;sid:83919879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056780)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056780/; classtype:trojan-activity;sid:83919880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056781)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056781/; classtype:trojan-activity;sid:83919881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056782)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056782/; classtype:trojan-activity;sid:83919882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056743)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056743/; classtype:trojan-activity;sid:83919843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056744)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056744/; classtype:trojan-activity;sid:83919844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056745)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056745/; classtype:trojan-activity;sid:83919845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056746)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056746/; classtype:trojan-activity;sid:83919846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056747)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056747/; classtype:trojan-activity;sid:83919847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056748)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056748/; classtype:trojan-activity;sid:83919848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056749)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056749/; classtype:trojan-activity;sid:83919849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056750)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056750/; classtype:trojan-activity;sid:83919850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056751)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056751/; classtype:trojan-activity;sid:83919851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056752)"; flow:established,from_client; content:"GET"; http_method; content:"/13505279848351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056752/; classtype:trojan-activity;sid:83919852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056753)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056753/; classtype:trojan-activity;sid:83919853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056754)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056754/; classtype:trojan-activity;sid:83919854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056755)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056755/; classtype:trojan-activity;sid:83919855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056756)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056756/; classtype:trojan-activity;sid:83919856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056757)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056757/; classtype:trojan-activity;sid:83919857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056758)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056758/; classtype:trojan-activity;sid:83919858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056759)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056759/; classtype:trojan-activity;sid:83919859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056760)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056760/; classtype:trojan-activity;sid:83919860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056761)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056761/; classtype:trojan-activity;sid:83919861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056762)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056762/; classtype:trojan-activity;sid:83919862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056718)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056718/; classtype:trojan-activity;sid:83919818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056719)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056719/; classtype:trojan-activity;sid:83919819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056720)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056720/; classtype:trojan-activity;sid:83919820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056721)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056721/; classtype:trojan-activity;sid:83919821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056722)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056722/; classtype:trojan-activity;sid:83919822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056723)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056723/; classtype:trojan-activity;sid:83919823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056724)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056724/; classtype:trojan-activity;sid:83919824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056725)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056725/; classtype:trojan-activity;sid:83919825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056726)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056726/; classtype:trojan-activity;sid:83919826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056727)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056727/; classtype:trojan-activity;sid:83919827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056728)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056728/; classtype:trojan-activity;sid:83919828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056729)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056729/; classtype:trojan-activity;sid:83919829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056730)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056730/; classtype:trojan-activity;sid:83919830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056731)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056731/; classtype:trojan-activity;sid:83919831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056732)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056732/; classtype:trojan-activity;sid:83919832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056733)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056733/; classtype:trojan-activity;sid:83919833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056734)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056734/; classtype:trojan-activity;sid:83919834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056735)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056735/; classtype:trojan-activity;sid:83919835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056736)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056736/; classtype:trojan-activity;sid:83919836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056737)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056737/; classtype:trojan-activity;sid:83919837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056738)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056738/; classtype:trojan-activity;sid:83919838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056739)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056739/; classtype:trojan-activity;sid:83919839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056740)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056740/; classtype:trojan-activity;sid:83919840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056741)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056741/; classtype:trojan-activity;sid:83919841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056742)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056742/; classtype:trojan-activity;sid:83919842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056702)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056702/; classtype:trojan-activity;sid:83919802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056703)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056703/; classtype:trojan-activity;sid:83919803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056704)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056704/; classtype:trojan-activity;sid:83919804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056705)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056705/; classtype:trojan-activity;sid:83919805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056706)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056706/; classtype:trojan-activity;sid:83919806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056707)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056707/; classtype:trojan-activity;sid:83919807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056708)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056708/; classtype:trojan-activity;sid:83919808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056709)"; flow:established,from_client; content:"GET"; http_method; content:"/20831255771415.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056709/; classtype:trojan-activity;sid:83919809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056710)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056710/; classtype:trojan-activity;sid:83919810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056711)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056711/; classtype:trojan-activity;sid:83919811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056712)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056712/; classtype:trojan-activity;sid:83919812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056713)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056713/; classtype:trojan-activity;sid:83919813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056714)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056714/; classtype:trojan-activity;sid:83919814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056715)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056715/; classtype:trojan-activity;sid:83919815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056716)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056716/; classtype:trojan-activity;sid:83919816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056717)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056717/; classtype:trojan-activity;sid:83919817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056677)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056677/; classtype:trojan-activity;sid:83919777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056678)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056678/; classtype:trojan-activity;sid:83919778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056679)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056679/; classtype:trojan-activity;sid:83919779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056680)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056680/; classtype:trojan-activity;sid:83919780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056681)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056681/; classtype:trojan-activity;sid:83919781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056682)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056682/; classtype:trojan-activity;sid:83919782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056683)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056683/; classtype:trojan-activity;sid:83919783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056684)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056684/; classtype:trojan-activity;sid:83919784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056685)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056685/; classtype:trojan-activity;sid:83919785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056686)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056686/; classtype:trojan-activity;sid:83919786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056687)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056687/; classtype:trojan-activity;sid:83919787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056688)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056688/; classtype:trojan-activity;sid:83919788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056689)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056689/; classtype:trojan-activity;sid:83919789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056690)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056690/; classtype:trojan-activity;sid:83919790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056691)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056691/; classtype:trojan-activity;sid:83919791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056692)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056692/; classtype:trojan-activity;sid:83919792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056693)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056693/; classtype:trojan-activity;sid:83919793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056694)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056694/; classtype:trojan-activity;sid:83919794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056695)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056695/; classtype:trojan-activity;sid:83919795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056696)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056696/; classtype:trojan-activity;sid:83919796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056697)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056697/; classtype:trojan-activity;sid:83919797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056698)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056698/; classtype:trojan-activity;sid:83919798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056699)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056699/; classtype:trojan-activity;sid:83919799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056700)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056700/; classtype:trojan-activity;sid:83919800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056701)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056701/; classtype:trojan-activity;sid:83919801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056656)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056656/; classtype:trojan-activity;sid:83919756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056657)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056657/; classtype:trojan-activity;sid:83919757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056658)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056658/; classtype:trojan-activity;sid:83919758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056659)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056659/; classtype:trojan-activity;sid:83919759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056660)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056660/; classtype:trojan-activity;sid:83919760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056661)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056661/; classtype:trojan-activity;sid:83919761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056662)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056662/; classtype:trojan-activity;sid:83919762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056663)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056663/; classtype:trojan-activity;sid:83919763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056664)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056664/; classtype:trojan-activity;sid:83919764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056665)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056665/; classtype:trojan-activity;sid:83919765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056666)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056666/; classtype:trojan-activity;sid:83919766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056667)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056667/; classtype:trojan-activity;sid:83919767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056668)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056668/; classtype:trojan-activity;sid:83919768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056669)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056669/; classtype:trojan-activity;sid:83919769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056670)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056670/; classtype:trojan-activity;sid:83919770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056671)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056671/; classtype:trojan-activity;sid:83919771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056672)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056672/; classtype:trojan-activity;sid:83919772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056673)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056673/; classtype:trojan-activity;sid:83919773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056674)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056674/; classtype:trojan-activity;sid:83919774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056675)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056675/; classtype:trojan-activity;sid:83919775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056676)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056676/; classtype:trojan-activity;sid:83919776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056639)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056639/; classtype:trojan-activity;sid:83919739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056640)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056640/; classtype:trojan-activity;sid:83919740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056641)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056641/; classtype:trojan-activity;sid:83919741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056642)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056642/; classtype:trojan-activity;sid:83919742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056643)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056643/; classtype:trojan-activity;sid:83919743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056644)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056644/; classtype:trojan-activity;sid:83919744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056645)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056645/; classtype:trojan-activity;sid:83919745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056646)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056646/; classtype:trojan-activity;sid:83919746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056647)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056647/; classtype:trojan-activity;sid:83919747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056648)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056648/; classtype:trojan-activity;sid:83919748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056649)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056649/; classtype:trojan-activity;sid:83919749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056650)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056650/; classtype:trojan-activity;sid:83919750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056651)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056651/; classtype:trojan-activity;sid:83919751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056652)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056652/; classtype:trojan-activity;sid:83919752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056653)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056653/; classtype:trojan-activity;sid:83919753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056654)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056654/; classtype:trojan-activity;sid:83919754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056655)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056655/; classtype:trojan-activity;sid:83919755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056620)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056620/; classtype:trojan-activity;sid:83919720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056621)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056621/; classtype:trojan-activity;sid:83919721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056622)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056622/; classtype:trojan-activity;sid:83919722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056623)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056623/; classtype:trojan-activity;sid:83919723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056624)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056624/; classtype:trojan-activity;sid:83919724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056625)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056625/; classtype:trojan-activity;sid:83919725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056626)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056626/; classtype:trojan-activity;sid:83919726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056627)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056627/; classtype:trojan-activity;sid:83919727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056628)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056628/; classtype:trojan-activity;sid:83919728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056629)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056629/; classtype:trojan-activity;sid:83919729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056630)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056630/; classtype:trojan-activity;sid:83919730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056631)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056631/; classtype:trojan-activity;sid:83919731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056632)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056632/; classtype:trojan-activity;sid:83919732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056633)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056633/; classtype:trojan-activity;sid:83919733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056634)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056634/; classtype:trojan-activity;sid:83919734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056635)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056635/; classtype:trojan-activity;sid:83919735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056636)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056636/; classtype:trojan-activity;sid:83919736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056637)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056637/; classtype:trojan-activity;sid:83919737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056638)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056638/; classtype:trojan-activity;sid:83919738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056606)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056606/; classtype:trojan-activity;sid:83919706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056607)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056607/; classtype:trojan-activity;sid:83919707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056608)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056608/; classtype:trojan-activity;sid:83919708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056609)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056609/; classtype:trojan-activity;sid:83919709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056610)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056610/; classtype:trojan-activity;sid:83919710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056611)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056611/; classtype:trojan-activity;sid:83919711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056612)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056612/; classtype:trojan-activity;sid:83919712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056613)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056613/; classtype:trojan-activity;sid:83919713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056614)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056614/; classtype:trojan-activity;sid:83919714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056615)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056615/; classtype:trojan-activity;sid:83919715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056616)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056616/; classtype:trojan-activity;sid:83919716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056617)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056617/; classtype:trojan-activity;sid:83919717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056618)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056618/; classtype:trojan-activity;sid:83919718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056619)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056619/; classtype:trojan-activity;sid:83919719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056582)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056582/; classtype:trojan-activity;sid:83919682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056583)"; flow:established,from_client; content:"GET"; http_method; content:"/134881886712041.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056583/; classtype:trojan-activity;sid:83919683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056584)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056584/; classtype:trojan-activity;sid:83919684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056585)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056585/; classtype:trojan-activity;sid:83919685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056586)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056586/; classtype:trojan-activity;sid:83919686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056587)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056587/; classtype:trojan-activity;sid:83919687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056588)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056588/; classtype:trojan-activity;sid:83919688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056589)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056589/; classtype:trojan-activity;sid:83919689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056590)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056590/; classtype:trojan-activity;sid:83919690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056591)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056591/; classtype:trojan-activity;sid:83919691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056592)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056592/; classtype:trojan-activity;sid:83919692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056593)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056593/; classtype:trojan-activity;sid:83919693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056594)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056594/; classtype:trojan-activity;sid:83919694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056595)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056595/; classtype:trojan-activity;sid:83919695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056596)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056596/; classtype:trojan-activity;sid:83919696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056597)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056597/; classtype:trojan-activity;sid:83919697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056598)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056598/; classtype:trojan-activity;sid:83919698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056599)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056599/; classtype:trojan-activity;sid:83919699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056600)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056600/; classtype:trojan-activity;sid:83919700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056601)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056601/; classtype:trojan-activity;sid:83919701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056602)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056602/; classtype:trojan-activity;sid:83919702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056603)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056603/; classtype:trojan-activity;sid:83919703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056604)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056604/; classtype:trojan-activity;sid:83919704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056605)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056605/; classtype:trojan-activity;sid:83919705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056573)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056573/; classtype:trojan-activity;sid:83919673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056574)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056574/; classtype:trojan-activity;sid:83919674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056575)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056575/; classtype:trojan-activity;sid:83919675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056576)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056576/; classtype:trojan-activity;sid:83919676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056577)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056577/; classtype:trojan-activity;sid:83919677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056578)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056578/; classtype:trojan-activity;sid:83919678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056579)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056579/; classtype:trojan-activity;sid:83919679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056580)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056580/; classtype:trojan-activity;sid:83919680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056581)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056581/; classtype:trojan-activity;sid:83919681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056548)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056548/; classtype:trojan-activity;sid:83919648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056549)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056549/; classtype:trojan-activity;sid:83919649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056550)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056550/; classtype:trojan-activity;sid:83919650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056551)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056551/; classtype:trojan-activity;sid:83919651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056552)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056552/; classtype:trojan-activity;sid:83919652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056553)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056553/; classtype:trojan-activity;sid:83919653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056554)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056554/; classtype:trojan-activity;sid:83919654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056555)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056555/; classtype:trojan-activity;sid:83919655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056556)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056556/; classtype:trojan-activity;sid:83919656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056557)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056557/; classtype:trojan-activity;sid:83919657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056558)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056558/; classtype:trojan-activity;sid:83919658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056559)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056559/; classtype:trojan-activity;sid:83919659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056560)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056560/; classtype:trojan-activity;sid:83919660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056561)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056561/; classtype:trojan-activity;sid:83919661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056562)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056562/; classtype:trojan-activity;sid:83919662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056563)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056563/; classtype:trojan-activity;sid:83919663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056564)"; flow:established,from_client; content:"GET"; http_method; content:"/2799097265884.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056564/; classtype:trojan-activity;sid:83919664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056565)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056565/; classtype:trojan-activity;sid:83919665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056566)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056566/; classtype:trojan-activity;sid:83919666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056567)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056567/; classtype:trojan-activity;sid:83919667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056568)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056568/; classtype:trojan-activity;sid:83919668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056569)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056569/; classtype:trojan-activity;sid:83919669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056570)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056570/; classtype:trojan-activity;sid:83919670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056571)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056571/; classtype:trojan-activity;sid:83919671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056572)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056572/; classtype:trojan-activity;sid:83919672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056547)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056547/; classtype:trojan-activity;sid:83919647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056507)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056507/; classtype:trojan-activity;sid:83919607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056508)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056508/; classtype:trojan-activity;sid:83919608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056509)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056509/; classtype:trojan-activity;sid:83919609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056510)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056510/; classtype:trojan-activity;sid:83919610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056511)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056511/; classtype:trojan-activity;sid:83919611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056512)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056512/; classtype:trojan-activity;sid:83919612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056513)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056513/; classtype:trojan-activity;sid:83919613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056514)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056514/; classtype:trojan-activity;sid:83919614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056515)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056515/; classtype:trojan-activity;sid:83919615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056516)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056516/; classtype:trojan-activity;sid:83919616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056517)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056517/; classtype:trojan-activity;sid:83919617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056518)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056518/; classtype:trojan-activity;sid:83919618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056519)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056519/; classtype:trojan-activity;sid:83919619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056520)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056520/; classtype:trojan-activity;sid:83919620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056521)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056521/; classtype:trojan-activity;sid:83919621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056522)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056522/; classtype:trojan-activity;sid:83919622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056523)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056523/; classtype:trojan-activity;sid:83919623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056524)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056524/; classtype:trojan-activity;sid:83919624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056525)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056525/; classtype:trojan-activity;sid:83919625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056526)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056526/; classtype:trojan-activity;sid:83919626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056527)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056527/; classtype:trojan-activity;sid:83919627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056528)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056528/; classtype:trojan-activity;sid:83919628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056529)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056529/; classtype:trojan-activity;sid:83919629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056530)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056530/; classtype:trojan-activity;sid:83919630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056531)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056531/; classtype:trojan-activity;sid:83919631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056532)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056532/; classtype:trojan-activity;sid:83919632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056533)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056533/; classtype:trojan-activity;sid:83919633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056534)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056534/; classtype:trojan-activity;sid:83919634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056535)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056535/; classtype:trojan-activity;sid:83919635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056536)"; flow:established,from_client; content:"GET"; http_method; content:"/47141987620729.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056536/; classtype:trojan-activity;sid:83919636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056537)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056537/; classtype:trojan-activity;sid:83919637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056538)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056538/; classtype:trojan-activity;sid:83919638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056539)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056539/; classtype:trojan-activity;sid:83919639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056540)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056540/; classtype:trojan-activity;sid:83919640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056541)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056541/; classtype:trojan-activity;sid:83919641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056542)"; flow:established,from_client; content:"GET"; http_method; content:"/28792574431684.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056542/; classtype:trojan-activity;sid:83919642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056543)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056543/; classtype:trojan-activity;sid:83919643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056544)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056544/; classtype:trojan-activity;sid:83919644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056545)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056545/; classtype:trojan-activity;sid:83919645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056546)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056546/; classtype:trojan-activity;sid:83919646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056469)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056469/; classtype:trojan-activity;sid:83919569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056470)"; flow:established,from_client; content:"GET"; http_method; content:"/5336150120480.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056470/; classtype:trojan-activity;sid:83919570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056471)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056471/; classtype:trojan-activity;sid:83919571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056472)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056472/; classtype:trojan-activity;sid:83919572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056473)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056473/; classtype:trojan-activity;sid:83919573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056474)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056474/; classtype:trojan-activity;sid:83919574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056475)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056475/; classtype:trojan-activity;sid:83919575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056476)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056476/; classtype:trojan-activity;sid:83919576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056477)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056477/; classtype:trojan-activity;sid:83919577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056478)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056478/; classtype:trojan-activity;sid:83919578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056479)"; flow:established,from_client; content:"GET"; http_method; content:"/16512111009916.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056479/; classtype:trojan-activity;sid:83919579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056480)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056480/; classtype:trojan-activity;sid:83919580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056481)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056481/; classtype:trojan-activity;sid:83919581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056482)"; flow:established,from_client; content:"GET"; http_method; content:"/14240320923345.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056482/; classtype:trojan-activity;sid:83919582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056483)"; flow:established,from_client; content:"GET"; http_method; content:"/239382109316501.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056483/; classtype:trojan-activity;sid:83919583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056484)"; flow:established,from_client; content:"GET"; http_method; content:"/6691249755586.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056484/; classtype:trojan-activity;sid:83919584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056485)"; flow:established,from_client; content:"GET"; http_method; content:"/202811428928372.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056485/; classtype:trojan-activity;sid:83919585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056486)"; flow:established,from_client; content:"GET"; http_method; content:"/9753910413140.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056486/; classtype:trojan-activity;sid:83919586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056487)"; flow:established,from_client; content:"GET"; http_method; content:"/721256141486.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056487/; classtype:trojan-activity;sid:83919587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056488)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056488/; classtype:trojan-activity;sid:83919588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056489)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056489/; classtype:trojan-activity;sid:83919589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056490)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056490/; classtype:trojan-activity;sid:83919590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056491)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056491/; classtype:trojan-activity;sid:83919591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056492)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056492/; classtype:trojan-activity;sid:83919592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056493)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056493/; classtype:trojan-activity;sid:83919593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056494)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056494/; classtype:trojan-activity;sid:83919594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056495)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056495/; classtype:trojan-activity;sid:83919595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056496)"; flow:established,from_client; content:"GET"; http_method; content:"/113883084112122.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056496/; classtype:trojan-activity;sid:83919596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056497)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056497/; classtype:trojan-activity;sid:83919597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056498)"; flow:established,from_client; content:"GET"; http_method; content:"/25028894717122.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056498/; classtype:trojan-activity;sid:83919598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056499)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056499/; classtype:trojan-activity;sid:83919599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056500)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056500/; classtype:trojan-activity;sid:83919600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056501)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056501/; classtype:trojan-activity;sid:83919601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056502)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056502/; classtype:trojan-activity;sid:83919602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056503)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056503/; classtype:trojan-activity;sid:83919603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056504)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056504/; classtype:trojan-activity;sid:83919604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056505)"; flow:established,from_client; content:"GET"; http_method; content:"/904513631560.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056505/; classtype:trojan-activity;sid:83919605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056506)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056506/; classtype:trojan-activity;sid:83919606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056467)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056467/; classtype:trojan-activity;sid:83919567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056468)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056468/; classtype:trojan-activity;sid:83919568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056448)"; flow:established,from_client; content:"GET"; http_method; content:"/26205218665271.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056448/; classtype:trojan-activity;sid:83919548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056449)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056449/; classtype:trojan-activity;sid:83919549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056450)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056450/; classtype:trojan-activity;sid:83919550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056451)"; flow:established,from_client; content:"GET"; http_method; content:"/161101029419095.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056451/; classtype:trojan-activity;sid:83919551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056452)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056452/; classtype:trojan-activity;sid:83919552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056453)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056453/; classtype:trojan-activity;sid:83919553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056454)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056454/; classtype:trojan-activity;sid:83919554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056455)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056455/; classtype:trojan-activity;sid:83919555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056456)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056456/; classtype:trojan-activity;sid:83919556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056457)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056457/; classtype:trojan-activity;sid:83919557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056458)"; flow:established,from_client; content:"GET"; http_method; content:"/196452519319596.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056458/; classtype:trojan-activity;sid:83919558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056459)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056459/; classtype:trojan-activity;sid:83919559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056460)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056460/; classtype:trojan-activity;sid:83919560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056461)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056461/; classtype:trojan-activity;sid:83919561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056462)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056462/; classtype:trojan-activity;sid:83919562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056463)"; flow:established,from_client; content:"GET"; http_method; content:"/1905070293923.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056463/; classtype:trojan-activity;sid:83919563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056464)"; flow:established,from_client; content:"GET"; http_method; content:"/275602608018447.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056464/; classtype:trojan-activity;sid:83919564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056465)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056465/; classtype:trojan-activity;sid:83919565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056466)"; flow:established,from_client; content:"GET"; http_method; content:"/293453925026.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056466/; classtype:trojan-activity;sid:83919566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056432)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056432/; classtype:trojan-activity;sid:83919532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056433)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056433/; classtype:trojan-activity;sid:83919533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056434)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056434/; classtype:trojan-activity;sid:83919534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056435)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056435/; classtype:trojan-activity;sid:83919535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056436)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056436/; classtype:trojan-activity;sid:83919536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056437)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056437/; classtype:trojan-activity;sid:83919537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056438)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056438/; classtype:trojan-activity;sid:83919538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056439)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056439/; classtype:trojan-activity;sid:83919539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056440)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056440/; classtype:trojan-activity;sid:83919540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056441)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056441/; classtype:trojan-activity;sid:83919541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056442)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056442/; classtype:trojan-activity;sid:83919542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056443)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056443/; classtype:trojan-activity;sid:83919543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056444)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056444/; classtype:trojan-activity;sid:83919544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056445)"; flow:established,from_client; content:"GET"; http_method; content:"/14045293869401.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056445/; classtype:trojan-activity;sid:83919545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056446)"; flow:established,from_client; content:"GET"; http_method; content:"/282882462825858.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056446/; classtype:trojan-activity;sid:83919546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056447)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056447/; classtype:trojan-activity;sid:83919547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056427)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056427/; classtype:trojan-activity;sid:83919527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056428)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056428/; classtype:trojan-activity;sid:83919528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056429)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056429/; classtype:trojan-activity;sid:83919529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056430)"; flow:established,from_client; content:"GET"; http_method; content:"/162312656229872.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056430/; classtype:trojan-activity;sid:83919530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056431)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056431/; classtype:trojan-activity;sid:83919531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056405)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056405/; classtype:trojan-activity;sid:83919505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056406)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056406/; classtype:trojan-activity;sid:83919506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056407)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056407/; classtype:trojan-activity;sid:83919507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056408)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056408/; classtype:trojan-activity;sid:83919508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056409)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056409/; classtype:trojan-activity;sid:83919509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056410)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056410/; classtype:trojan-activity;sid:83919510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056411)"; flow:established,from_client; content:"GET"; http_method; content:"/30742057426029.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056411/; classtype:trojan-activity;sid:83919511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056412)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056412/; classtype:trojan-activity;sid:83919512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056413)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056413/; classtype:trojan-activity;sid:83919513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056414)"; flow:established,from_client; content:"GET"; http_method; content:"/9074271717066.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056414/; classtype:trojan-activity;sid:83919514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056415)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056415/; classtype:trojan-activity;sid:83919515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056416)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056416/; classtype:trojan-activity;sid:83919516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056417)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056417/; classtype:trojan-activity;sid:83919517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056418)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056418/; classtype:trojan-activity;sid:83919518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056419)"; flow:established,from_client; content:"GET"; http_method; content:"/47312627127348.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056419/; classtype:trojan-activity;sid:83919519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056420)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056420/; classtype:trojan-activity;sid:83919520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056421)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056421/; classtype:trojan-activity;sid:83919521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056422)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056422/; classtype:trojan-activity;sid:83919522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056423)"; flow:established,from_client; content:"GET"; http_method; content:"/221176234056.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056423/; classtype:trojan-activity;sid:83919523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056424)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056424/; classtype:trojan-activity;sid:83919524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056425)"; flow:established,from_client; content:"GET"; http_method; content:"/17959616912130.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056425/; classtype:trojan-activity;sid:83919525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056426)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056426/; classtype:trojan-activity;sid:83919526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056387)"; flow:established,from_client; content:"GET"; http_method; content:"/238881753218283.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056387/; classtype:trojan-activity;sid:83919487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056388)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056388/; classtype:trojan-activity;sid:83919488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056389)"; flow:established,from_client; content:"GET"; http_method; content:"/259802001812467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056389/; classtype:trojan-activity;sid:83919489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056390)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056390/; classtype:trojan-activity;sid:83919490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056391)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056391/; classtype:trojan-activity;sid:83919491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056392)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056392/; classtype:trojan-activity;sid:83919492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056393)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056393/; classtype:trojan-activity;sid:83919493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056394)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056394/; classtype:trojan-activity;sid:83919494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056395)"; flow:established,from_client; content:"GET"; http_method; content:"/11401304018275.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056395/; classtype:trojan-activity;sid:83919495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056396)"; flow:established,from_client; content:"GET"; http_method; content:"/17777753213985.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056396/; classtype:trojan-activity;sid:83919496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056397)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056397/; classtype:trojan-activity;sid:83919497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056398)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056398/; classtype:trojan-activity;sid:83919498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056399)"; flow:established,from_client; content:"GET"; http_method; content:"/209012524319550.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056399/; classtype:trojan-activity;sid:83919499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056400)"; flow:established,from_client; content:"GET"; http_method; content:"/163412250512119.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056400/; classtype:trojan-activity;sid:83919500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056401)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056401/; classtype:trojan-activity;sid:83919501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056402)"; flow:established,from_client; content:"GET"; http_method; content:"/225742142723127.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056402/; classtype:trojan-activity;sid:83919502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056403)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056403/; classtype:trojan-activity;sid:83919503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056404)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056404/; classtype:trojan-activity;sid:83919504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056384)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056384/; classtype:trojan-activity;sid:83919484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056385)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056385/; classtype:trojan-activity;sid:83919485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056386)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056386/; classtype:trojan-activity;sid:83919486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056361)"; flow:established,from_client; content:"GET"; http_method; content:"/19786138996700.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056361/; classtype:trojan-activity;sid:83919461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056362)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056362/; classtype:trojan-activity;sid:83919462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056363)"; flow:established,from_client; content:"GET"; http_method; content:"/186683159919091.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056363/; classtype:trojan-activity;sid:83919463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056364)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056364/; classtype:trojan-activity;sid:83919464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056365)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056365/; classtype:trojan-activity;sid:83919465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056366)"; flow:established,from_client; content:"GET"; http_method; content:"/140471797424079.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056366/; classtype:trojan-activity;sid:83919466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056367)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056367/; classtype:trojan-activity;sid:83919467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056368)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056368/; classtype:trojan-activity;sid:83919468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056369)"; flow:established,from_client; content:"GET"; http_method; content:"/240702223723210.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056369/; classtype:trojan-activity;sid:83919469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056370)"; flow:established,from_client; content:"GET"; http_method; content:"/6254308077500.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056370/; classtype:trojan-activity;sid:83919470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056371)"; flow:established,from_client; content:"GET"; http_method; content:"/8623717231350.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056371/; classtype:trojan-activity;sid:83919471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056372)"; flow:established,from_client; content:"GET"; http_method; content:"/20772434815351.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056372/; classtype:trojan-activity;sid:83919472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056373)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056373/; classtype:trojan-activity;sid:83919473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056374)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056374/; classtype:trojan-activity;sid:83919474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056375)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056375/; classtype:trojan-activity;sid:83919475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056376)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056376/; classtype:trojan-activity;sid:83919476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056377)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056377/; classtype:trojan-activity;sid:83919477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056378)"; flow:established,from_client; content:"GET"; http_method; content:"/133743007529826.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056378/; classtype:trojan-activity;sid:83919478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056379)"; flow:established,from_client; content:"GET"; http_method; content:"/297331327429949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056379/; classtype:trojan-activity;sid:83919479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056380)"; flow:established,from_client; content:"GET"; http_method; content:"/258321656031949.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056380/; classtype:trojan-activity;sid:83919480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056381)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056381/; classtype:trojan-activity;sid:83919481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056382)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056382/; classtype:trojan-activity;sid:83919482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056383)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056383/; classtype:trojan-activity;sid:83919483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056348)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056348/; classtype:trojan-activity;sid:83919448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056349)"; flow:established,from_client; content:"GET"; http_method; content:"/95541017927181.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056349/; classtype:trojan-activity;sid:83919449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056350)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056350/; classtype:trojan-activity;sid:83919450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056351)"; flow:established,from_client; content:"GET"; http_method; content:"/14217940225195.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056351/; classtype:trojan-activity;sid:83919451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056352)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056352/; classtype:trojan-activity;sid:83919452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056353)"; flow:established,from_client; content:"GET"; http_method; content:"/4942163781639.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056353/; classtype:trojan-activity;sid:83919453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056354)"; flow:established,from_client; content:"GET"; http_method; content:"/199273075630702.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056354/; classtype:trojan-activity;sid:83919454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056355)"; flow:established,from_client; content:"GET"; http_method; content:"/86781133818144.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056355/; classtype:trojan-activity;sid:83919455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056356)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056356/; classtype:trojan-activity;sid:83919456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056357)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056357/; classtype:trojan-activity;sid:83919457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056358)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056358/; classtype:trojan-activity;sid:83919458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056359)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056359/; classtype:trojan-activity;sid:83919459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056360)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056360/; classtype:trojan-activity;sid:83919460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056343)"; flow:established,from_client; content:"GET"; http_method; content:"/289341765223497.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056343/; classtype:trojan-activity;sid:83919443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056344)"; flow:established,from_client; content:"GET"; http_method; content:"/122302714028311.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056344/; classtype:trojan-activity;sid:83919444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056345)"; flow:established,from_client; content:"GET"; http_method; content:"/194642919326010.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056345/; classtype:trojan-activity;sid:83919445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056346)"; flow:established,from_client; content:"GET"; http_method; content:"/6840784313807.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056346/; classtype:trojan-activity;sid:83919446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056347)"; flow:established,from_client; content:"GET"; http_method; content:"/85112116625809.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056347/; classtype:trojan-activity;sid:83919447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056307)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056307/; classtype:trojan-activity;sid:83919407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056308)"; flow:established,from_client; content:"GET"; http_method; content:"/7285986021605.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056308/; classtype:trojan-activity;sid:83919408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056309)"; flow:established,from_client; content:"GET"; http_method; content:"/2939869728525.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056309/; classtype:trojan-activity;sid:83919409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056310)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056310/; classtype:trojan-activity;sid:83919410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056311)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056311/; classtype:trojan-activity;sid:83919411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056312)"; flow:established,from_client; content:"GET"; http_method; content:"/62693180814501.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056312/; classtype:trojan-activity;sid:83919412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056313)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056313/; classtype:trojan-activity;sid:83919413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056314)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056314/; classtype:trojan-activity;sid:83919414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056315)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056315/; classtype:trojan-activity;sid:83919415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056316)"; flow:established,from_client; content:"GET"; http_method; content:"/16433258548766.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056316/; classtype:trojan-activity;sid:83919416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056317)"; flow:established,from_client; content:"GET"; http_method; content:"/293581802922445.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056317/; classtype:trojan-activity;sid:83919417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056318)"; flow:established,from_client; content:"GET"; http_method; content:"/21209181316742.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056318/; classtype:trojan-activity;sid:83919418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056319)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056319/; classtype:trojan-activity;sid:83919419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056320)"; flow:established,from_client; content:"GET"; http_method; content:"/25909643110239.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056320/; classtype:trojan-activity;sid:83919420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056321)"; flow:established,from_client; content:"GET"; http_method; content:"/18301343424544.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056321/; classtype:trojan-activity;sid:83919421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056322)"; flow:established,from_client; content:"GET"; http_method; content:"/13228279724004.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056322/; classtype:trojan-activity;sid:83919422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056323)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056323/; classtype:trojan-activity;sid:83919423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056324)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056324/; classtype:trojan-activity;sid:83919424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056325)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056325/; classtype:trojan-activity;sid:83919425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056326)"; flow:established,from_client; content:"GET"; http_method; content:"/2517831756038.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056326/; classtype:trojan-activity;sid:83919426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056327)"; flow:established,from_client; content:"GET"; http_method; content:"/141626646422.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056327/; classtype:trojan-activity;sid:83919427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056328)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056328/; classtype:trojan-activity;sid:83919428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056329)"; flow:established,from_client; content:"GET"; http_method; content:"/48121709111246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056329/; classtype:trojan-activity;sid:83919429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056330)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056330/; classtype:trojan-activity;sid:83919430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056331)"; flow:established,from_client; content:"GET"; http_method; content:"/208202596920014.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056331/; classtype:trojan-activity;sid:83919431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056332)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056332/; classtype:trojan-activity;sid:83919432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056333)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056333/; classtype:trojan-activity;sid:83919433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056334)"; flow:established,from_client; content:"GET"; http_method; content:"/21854102773609.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056334/; classtype:trojan-activity;sid:83919434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056335)"; flow:established,from_client; content:"GET"; http_method; content:"/3418233547651.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056335/; classtype:trojan-activity;sid:83919435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056336)"; flow:established,from_client; content:"GET"; http_method; content:"/2230877325584.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056336/; classtype:trojan-activity;sid:83919436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056337)"; flow:established,from_client; content:"GET"; http_method; content:"/1871393130833.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056337/; classtype:trojan-activity;sid:83919437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056338)"; flow:established,from_client; content:"GET"; http_method; content:"/219952090612375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056338/; classtype:trojan-activity;sid:83919438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056339)"; flow:established,from_client; content:"GET"; http_method; content:"/58121393721311.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056339/; classtype:trojan-activity;sid:83919439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056340)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056340/; classtype:trojan-activity;sid:83919440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056341)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056341/; classtype:trojan-activity;sid:83919441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056342)"; flow:established,from_client; content:"GET"; http_method; content:"/154121319421467.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056342/; classtype:trojan-activity;sid:83919442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056305)"; flow:established,from_client; content:"GET"; http_method; content:"/21218949518664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056305/; classtype:trojan-activity;sid:83919405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056306)"; flow:established,from_client; content:"GET"; http_method; content:"/159642403518699.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056306/; classtype:trojan-activity;sid:83919406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056292)"; flow:established,from_client; content:"GET"; http_method; content:"/31852834330664.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056292/; classtype:trojan-activity;sid:83919392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056293)"; flow:established,from_client; content:"GET"; http_method; content:"/234647089425.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056293/; classtype:trojan-activity;sid:83919393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056294)"; flow:established,from_client; content:"GET"; http_method; content:"/25035723513366.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056294/; classtype:trojan-activity;sid:83919394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056295)"; flow:established,from_client; content:"GET"; http_method; content:"/16134278330185.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056295/; classtype:trojan-activity;sid:83919395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056296)"; flow:established,from_client; content:"GET"; http_method; content:"/157732148715945.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056296/; classtype:trojan-activity;sid:83919396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056297)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056297/; classtype:trojan-activity;sid:83919397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056298)"; flow:established,from_client; content:"GET"; http_method; content:"/74612999010658.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056298/; classtype:trojan-activity;sid:83919398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056299)"; flow:established,from_client; content:"GET"; http_method; content:"/5685636510042.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056299/; classtype:trojan-activity;sid:83919399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056300)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056300/; classtype:trojan-activity;sid:83919400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056301)"; flow:established,from_client; content:"GET"; http_method; content:"/2645972026200.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056301/; classtype:trojan-activity;sid:83919401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056302)"; flow:established,from_client; content:"GET"; http_method; content:"/235132567015030.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056302/; classtype:trojan-activity;sid:83919402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056303)"; flow:established,from_client; content:"GET"; http_method; content:"/320611076628622.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056303/; classtype:trojan-activity;sid:83919403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056304)"; flow:established,from_client; content:"GET"; http_method; content:"/95491831519039.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056304/; classtype:trojan-activity;sid:83919404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056265)"; flow:established,from_client; content:"GET"; http_method; content:"/7607213729806.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056265/; classtype:trojan-activity;sid:83919365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056266)"; flow:established,from_client; content:"GET"; http_method; content:"/162173226519808.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056266/; classtype:trojan-activity;sid:83919366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056267)"; flow:established,from_client; content:"GET"; http_method; content:"/9106210789637.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056267/; classtype:trojan-activity;sid:83919367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056268)"; flow:established,from_client; content:"GET"; http_method; content:"/185382785731260.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056268/; classtype:trojan-activity;sid:83919368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056269)"; flow:established,from_client; content:"GET"; http_method; content:"/10021225958516.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056269/; classtype:trojan-activity;sid:83919369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056270)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056270/; classtype:trojan-activity;sid:83919370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056271)"; flow:established,from_client; content:"GET"; http_method; content:"/126951871630094.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056271/; classtype:trojan-activity;sid:83919371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056272)"; flow:established,from_client; content:"GET"; http_method; content:"/126402128422578.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056272/; classtype:trojan-activity;sid:83919372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056273)"; flow:established,from_client; content:"GET"; http_method; content:"/295711304116423.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056273/; classtype:trojan-activity;sid:83919373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056274)"; flow:established,from_client; content:"GET"; http_method; content:"/23712160411586.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056274/; classtype:trojan-activity;sid:83919374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056275)"; flow:established,from_client; content:"GET"; http_method; content:"/219162541119066.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056275/; classtype:trojan-activity;sid:83919375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056276)"; flow:established,from_client; content:"GET"; http_method; content:"/27732302912131.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056276/; classtype:trojan-activity;sid:83919376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056277)"; flow:established,from_client; content:"GET"; http_method; content:"/186711723522606.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056277/; classtype:trojan-activity;sid:83919377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056278)"; flow:established,from_client; content:"GET"; http_method; content:"/2433346094121.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056278/; classtype:trojan-activity;sid:83919378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056279)"; flow:established,from_client; content:"GET"; http_method; content:"/160551844320505.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056279/; classtype:trojan-activity;sid:83919379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056280)"; flow:established,from_client; content:"GET"; http_method; content:"/48111999325022.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056280/; classtype:trojan-activity;sid:83919380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056281)"; flow:established,from_client; content:"GET"; http_method; content:"/17283221221217.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056281/; classtype:trojan-activity;sid:83919381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056282)"; flow:established,from_client; content:"GET"; http_method; content:"/13645730022686.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056282/; classtype:trojan-activity;sid:83919382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056283)"; flow:established,from_client; content:"GET"; http_method; content:"/7450468614233.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056283/; classtype:trojan-activity;sid:83919383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056284)"; flow:established,from_client; content:"GET"; http_method; content:"/179732851022052.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056284/; classtype:trojan-activity;sid:83919384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056285)"; flow:established,from_client; content:"GET"; http_method; content:"/3572246549187.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056285/; classtype:trojan-activity;sid:83919385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056286)"; flow:established,from_client; content:"GET"; http_method; content:"/22509121009108.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056286/; classtype:trojan-activity;sid:83919386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056287)"; flow:established,from_client; content:"GET"; http_method; content:"/294231561923485.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056287/; classtype:trojan-activity;sid:83919387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056288)"; flow:established,from_client; content:"GET"; http_method; content:"/1111263555411.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056288/; classtype:trojan-activity;sid:83919388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056289)"; flow:established,from_client; content:"GET"; http_method; content:"/70133027720297.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056289/; classtype:trojan-activity;sid:83919389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056290)"; flow:established,from_client; content:"GET"; http_method; content:"/80311668531588.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056290/; classtype:trojan-activity;sid:83919390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056291)"; flow:established,from_client; content:"GET"; http_method; content:"/26203177426594.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056291/; classtype:trojan-activity;sid:83919391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056264/; classtype:trojan-activity;sid:83919364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.93.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056263/; classtype:trojan-activity;sid:83919363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.33.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056262/; classtype:trojan-activity;sid:83919362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.149.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056260/; classtype:trojan-activity;sid:83919360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.125.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056261/; classtype:trojan-activity;sid:83919361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056259)"; flow:established,from_client; content:"GET"; http_method; content:"/98098/utnn.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.198.26.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056259/; classtype:trojan-activity;sid:83919359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056258)"; flow:established,from_client; content:"GET"; http_method; content:"/98098/crosscheckingentirethingfllowing.gif"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"103.198.26.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056258/; classtype:trojan-activity;sid:83919358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.31.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056256/; classtype:trojan-activity;sid:83919356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.224.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056257/; classtype:trojan-activity;sid:83919357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056251/; classtype:trojan-activity;sid:83919351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056250/; classtype:trojan-activity;sid:83919350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.90.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056249/; classtype:trojan-activity;sid:83919349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056248)"; flow:established,from_client; content:"GET"; http_method; content:"/98098/ou/ou.ou.ou.ou.ou.doc"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.198.26.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056248/; classtype:trojan-activity;sid:83919348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.19.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056243/; classtype:trojan-activity;sid:83919343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056242)"; flow:established,from_client; content:"GET"; http_method; content:"/33133/cnu/cnu.cnu.cnu.cnu........x..cnu...cnuc.cnu...cnu.....doc"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"141.95.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056242/; classtype:trojan-activity;sid:83919342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.77.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056241/; classtype:trojan-activity;sid:83919341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.170.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056240/; classtype:trojan-activity;sid:83919340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056238/; classtype:trojan-activity;sid:83919338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056239/; classtype:trojan-activity;sid:83919339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.58.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056237/; classtype:trojan-activity;sid:83919337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.251.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056236/; classtype:trojan-activity;sid:83919336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056235)"; flow:established,from_client; content:"GET"; http_method; content:"/34134/winiti.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.3.13.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056235/; classtype:trojan-activity;sid:83919335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.18.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056234/; classtype:trojan-activity;sid:83919334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.163.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056233/; classtype:trojan-activity;sid:83919333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.124.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056232/; classtype:trojan-activity;sid:83919332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.14.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056230/; classtype:trojan-activity;sid:83919330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.230.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056231/; classtype:trojan-activity;sid:83919331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.85.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056229/; classtype:trojan-activity;sid:83919329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056227)"; flow:established,from_client; content:"GET"; http_method; content:"/xc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.227.190.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056227/; classtype:trojan-activity;sid:83919327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056228/; classtype:trojan-activity;sid:83919328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.224.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056226/; classtype:trojan-activity;sid:83919326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.138.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056225/; classtype:trojan-activity;sid:83919325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.175.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056223/; classtype:trojan-activity;sid:83919323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056224)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic5.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mussangroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056224/; classtype:trojan-activity;sid:83919324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056222)"; flow:established,from_client; content:"GET"; http_method; content:"/xc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"test.ddosvps.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056222/; classtype:trojan-activity;sid:83919322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.128.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056221/; classtype:trojan-activity;sid:83919321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056220/; classtype:trojan-activity;sid:83919320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056216)"; flow:established,from_client; content:"GET"; http_method; content:"/most.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056216/; classtype:trojan-activity;sid:83919316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056217)"; flow:established,from_client; content:"GET"; http_method; content:"/most.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056217/; classtype:trojan-activity;sid:83919317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056218)"; flow:established,from_client; content:"GET"; http_method; content:"/fix.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056218/; classtype:trojan-activity;sid:83919318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056219)"; flow:established,from_client; content:"GET"; http_method; content:"/most.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056219/; classtype:trojan-activity;sid:83919319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056214)"; flow:established,from_client; content:"GET"; http_method; content:"/most.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056214/; classtype:trojan-activity;sid:83919314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056215)"; flow:established,from_client; content:"GET"; http_method; content:"/cache"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056215/; classtype:trojan-activity;sid:83919315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.40.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056205/; classtype:trojan-activity;sid:83919305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056206)"; flow:established,from_client; content:"GET"; http_method; content:"/most.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056206/; classtype:trojan-activity;sid:83919306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.79.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056207/; classtype:trojan-activity;sid:83919307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056208)"; flow:established,from_client; content:"GET"; http_method; content:"/most.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056208/; classtype:trojan-activity;sid:83919308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056209)"; flow:established,from_client; content:"GET"; http_method; content:"/most.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056209/; classtype:trojan-activity;sid:83919309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056210)"; flow:established,from_client; content:"GET"; http_method; content:"/fix.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056210/; classtype:trojan-activity;sid:83919310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056211)"; flow:established,from_client; content:"GET"; http_method; content:"/most.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056211/; classtype:trojan-activity;sid:83919311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.90.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056212/; classtype:trojan-activity;sid:83919312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056213)"; flow:established,from_client; content:"GET"; http_method; content:"/fix.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"games.njanzen.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056213/; classtype:trojan-activity;sid:83919313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.207.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056203/; classtype:trojan-activity;sid:83919303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056204/; classtype:trojan-activity;sid:83919304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056201)"; flow:established,from_client; content:"GET"; http_method; content:"/386"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056201/; classtype:trojan-activity;sid:83919301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056202)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056202/; classtype:trojan-activity;sid:83919302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056200)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056200/; classtype:trojan-activity;sid:83919300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056193)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056193/; classtype:trojan-activity;sid:83919293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056194)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056194/; classtype:trojan-activity;sid:83919294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056195)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056195/; classtype:trojan-activity;sid:83919295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056196)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056196/; classtype:trojan-activity;sid:83919296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056197)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056197/; classtype:trojan-activity;sid:83919297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056198)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64el"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056198/; classtype:trojan-activity;sid:83919298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056199)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056199/; classtype:trojan-activity;sid:83919299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056192)"; flow:established,from_client; content:"GET"; http_method; content:"/execute_and_cleanup.sh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.248.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056192/; classtype:trojan-activity;sid:83919292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056190)"; flow:established,from_client; content:"GET"; http_method; content:"/fix.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056190/; classtype:trojan-activity;sid:83919290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056191)"; flow:established,from_client; content:"GET"; http_method; content:"/fix.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056191/; classtype:trojan-activity;sid:83919291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.177.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056189/; classtype:trojan-activity;sid:83919289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056179)"; flow:established,from_client; content:"GET"; http_method; content:"/most.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056179/; classtype:trojan-activity;sid:83919279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056180)"; flow:established,from_client; content:"GET"; http_method; content:"/most.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056180/; classtype:trojan-activity;sid:83919280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056181)"; flow:established,from_client; content:"GET"; http_method; content:"/most.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056181/; classtype:trojan-activity;sid:83919281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056182)"; flow:established,from_client; content:"GET"; http_method; content:"/most.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056182/; classtype:trojan-activity;sid:83919282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056183)"; flow:established,from_client; content:"GET"; http_method; content:"/fix.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056183/; classtype:trojan-activity;sid:83919283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056184)"; flow:established,from_client; content:"GET"; http_method; content:"/most.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056184/; classtype:trojan-activity;sid:83919284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056185)"; flow:established,from_client; content:"GET"; http_method; content:"/most.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056185/; classtype:trojan-activity;sid:83919285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056186)"; flow:established,from_client; content:"GET"; http_method; content:"/cache"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056186/; classtype:trojan-activity;sid:83919286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056187)"; flow:established,from_client; content:"GET"; http_method; content:"/most.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056187/; classtype:trojan-activity;sid:83919287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056188)"; flow:established,from_client; content:"GET"; http_method; content:"/most.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.215.66.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056188/; classtype:trojan-activity;sid:83919288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.19.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056178/; classtype:trojan-activity;sid:83919278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056174)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.51.126.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056174/; classtype:trojan-activity;sid:83919274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056175)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.51.126.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056175/; classtype:trojan-activity;sid:83919275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056176)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.51.126.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056176/; classtype:trojan-activity;sid:83919276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056177)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.51.126.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056177/; classtype:trojan-activity;sid:83919277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056173/; classtype:trojan-activity;sid:83919273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.201.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056172/; classtype:trojan-activity;sid:83919272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.251.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056171/; classtype:trojan-activity;sid:83919271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.194.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056170/; classtype:trojan-activity;sid:83919270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056168/; classtype:trojan-activity;sid:83919268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.13.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056169/; classtype:trojan-activity;sid:83919269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.138.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056167/; classtype:trojan-activity;sid:83919267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.88.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056166/; classtype:trojan-activity;sid:83919266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.14.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056165/; classtype:trojan-activity;sid:83919265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056164/; classtype:trojan-activity;sid:83919264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.76.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056163/; classtype:trojan-activity;sid:83919263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056162)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056162/; classtype:trojan-activity;sid:83919262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.83.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056161/; classtype:trojan-activity;sid:83919261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056160)"; flow:established,from_client; content:"GET"; http_method; content:"/api.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056160/; classtype:trojan-activity;sid:83919260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056158)"; flow:established,from_client; content:"GET"; http_method; content:"/http.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056158/; classtype:trojan-activity;sid:83919258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056159)"; flow:established,from_client; content:"GET"; http_method; content:"/clean.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056159/; classtype:trojan-activity;sid:83919259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056155)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit_device.py"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056155/; classtype:trojan-activity;sid:83919255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056156)"; flow:established,from_client; content:"GET"; http_method; content:"/httpapi.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056156/; classtype:trojan-activity;sid:83919256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056157)"; flow:established,from_client; content:"GET"; http_method; content:"/old.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056157/; classtype:trojan-activity;sid:83919257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056152/; classtype:trojan-activity;sid:83919252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056153)"; flow:established,from_client; content:"GET"; http_method; content:"/sarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056153/; classtype:trojan-activity;sid:83919253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056154)"; flow:established,from_client; content:"GET"; http_method; content:"/sarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056154/; classtype:trojan-activity;sid:83919254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.28.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056151/; classtype:trojan-activity;sid:83919251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.216.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056150/; classtype:trojan-activity;sid:83919250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056149/; classtype:trojan-activity;sid:83919249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056148)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056148/; classtype:trojan-activity;sid:83919248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.125.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056147/; classtype:trojan-activity;sid:83919247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056145)"; flow:established,from_client; content:"GET"; http_method; content:"/smips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056145/; classtype:trojan-activity;sid:83919245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056146)"; flow:established,from_client; content:"GET"; http_method; content:"/sarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056146/; classtype:trojan-activity;sid:83919246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056144)"; flow:established,from_client; content:"GET"; http_method; content:"/smpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056144/; classtype:trojan-activity;sid:83919244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056141/; classtype:trojan-activity;sid:83919241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.156.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056142/; classtype:trojan-activity;sid:83919242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.173.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056143/; classtype:trojan-activity;sid:83919243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056140)"; flow:established,from_client; content:"GET"; http_method; content:"/sarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056140/; classtype:trojan-activity;sid:83919240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056139/; classtype:trojan-activity;sid:83919239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.85.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056138/; classtype:trojan-activity;sid:83919238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.177.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056137/; classtype:trojan-activity;sid:83919237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.207.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056136/; classtype:trojan-activity;sid:83919236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.125.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056135/; classtype:trojan-activity;sid:83919235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.44.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056134/; classtype:trojan-activity;sid:83919234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.251.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056133/; classtype:trojan-activity;sid:83919233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.197.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056132/; classtype:trojan-activity;sid:83919232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.94.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056131/; classtype:trojan-activity;sid:83919231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056130/; classtype:trojan-activity;sid:83919230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.20.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056129/; classtype:trojan-activity;sid:83919229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.172.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056126/; classtype:trojan-activity;sid:83919226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.83.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056127/; classtype:trojan-activity;sid:83919227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056128/; classtype:trojan-activity;sid:83919228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.114.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056125/; classtype:trojan-activity;sid:83919225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.233.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056124/; classtype:trojan-activity;sid:83919224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.125.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056123/; classtype:trojan-activity;sid:83919223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056122/; classtype:trojan-activity;sid:83919222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.212.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056121/; classtype:trojan-activity;sid:83919221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.14.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056120/; classtype:trojan-activity;sid:83919220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056119)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/acev.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056119/; classtype:trojan-activity;sid:83919219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056118/; classtype:trojan-activity;sid:83919218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.210.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056117/; classtype:trojan-activity;sid:83919217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.85.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056116/; classtype:trojan-activity;sid:83919216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.194.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056115/; classtype:trojan-activity;sid:83919215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.109.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056114/; classtype:trojan-activity;sid:83919214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.91.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056113/; classtype:trojan-activity;sid:83919213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056112/; classtype:trojan-activity;sid:83919212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.99.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056111/; classtype:trojan-activity;sid:83919211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.241.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056110/; classtype:trojan-activity;sid:83919210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.197.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056107/; classtype:trojan-activity;sid:83919207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.186.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056108/; classtype:trojan-activity;sid:83919208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.210.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056109/; classtype:trojan-activity;sid:83919209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.58.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056106/; classtype:trojan-activity;sid:83919206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056105/; classtype:trojan-activity;sid:83919205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.114.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056104/; classtype:trojan-activity;sid:83919204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.196.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056103/; classtype:trojan-activity;sid:83919203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.92.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056102/; classtype:trojan-activity;sid:83919202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.12.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056101/; classtype:trojan-activity;sid:83919201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.36.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056098/; classtype:trojan-activity;sid:83919198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.233.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056099/; classtype:trojan-activity;sid:83919199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056100/; classtype:trojan-activity;sid:83919200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.68.179"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056096/; classtype:trojan-activity;sid:83919196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056097/; classtype:trojan-activity;sid:83919197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056095/; classtype:trojan-activity;sid:83919195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056094/; classtype:trojan-activity;sid:83919194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056091/; classtype:trojan-activity;sid:83919191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.104.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056092/; classtype:trojan-activity;sid:83919192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.34.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056093/; classtype:trojan-activity;sid:83919193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.41.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056090/; classtype:trojan-activity;sid:83919190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.21.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056089/; classtype:trojan-activity;sid:83919189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056088/; classtype:trojan-activity;sid:83919188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056087/; classtype:trojan-activity;sid:83919187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.194.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056086/; classtype:trojan-activity;sid:83919186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.23.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056085/; classtype:trojan-activity;sid:83919185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.186.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056084/; classtype:trojan-activity;sid:83919184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.99.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056083/; classtype:trojan-activity;sid:83919183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.12.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056082/; classtype:trojan-activity;sid:83919182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056081/; classtype:trojan-activity;sid:83919181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.209.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056080/; classtype:trojan-activity;sid:83919180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056078/; classtype:trojan-activity;sid:83919178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.82.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056079/; classtype:trojan-activity;sid:83919179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.20.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056077/; classtype:trojan-activity;sid:83919177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.98.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056076/; classtype:trojan-activity;sid:83919176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056073/; classtype:trojan-activity;sid:83919173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056074/; classtype:trojan-activity;sid:83919174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.172.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056075/; classtype:trojan-activity;sid:83919175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.95.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056068/; classtype:trojan-activity;sid:83919168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.169.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056069/; classtype:trojan-activity;sid:83919169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.186.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056070/; classtype:trojan-activity;sid:83919170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056071/; classtype:trojan-activity;sid:83919171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056072/; classtype:trojan-activity;sid:83919172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.238.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056067/; classtype:trojan-activity;sid:83919167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056066/; classtype:trojan-activity;sid:83919166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.127.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056065/; classtype:trojan-activity;sid:83919165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.180.140.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056064/; classtype:trojan-activity;sid:83919164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.67.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056063/; classtype:trojan-activity;sid:83919163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056062/; classtype:trojan-activity;sid:83919162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.117.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056061/; classtype:trojan-activity;sid:83919161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.241.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056060/; classtype:trojan-activity;sid:83919160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.38.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056059/; classtype:trojan-activity;sid:83919159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056058/; classtype:trojan-activity;sid:83919158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.210.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056057/; classtype:trojan-activity;sid:83919157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.196.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056056/; classtype:trojan-activity;sid:83919156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.76.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056055/; classtype:trojan-activity;sid:83919155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.105.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056053/; classtype:trojan-activity;sid:83919153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056054/; classtype:trojan-activity;sid:83919154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.40.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056050/; classtype:trojan-activity;sid:83919150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.225.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056051/; classtype:trojan-activity;sid:83919151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.249.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056052/; classtype:trojan-activity;sid:83919152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.189.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056049/; classtype:trojan-activity;sid:83919149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.237.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056048/; classtype:trojan-activity;sid:83919148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056046/; classtype:trojan-activity;sid:83919146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056047/; classtype:trojan-activity;sid:83919147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056043/; classtype:trojan-activity;sid:83919143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.193.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056044/; classtype:trojan-activity;sid:83919144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.35.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056045/; classtype:trojan-activity;sid:83919145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.213.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056041/; classtype:trojan-activity;sid:83919141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.153.109.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056042/; classtype:trojan-activity;sid:83919142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.19.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056039/; classtype:trojan-activity;sid:83919139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056040/; classtype:trojan-activity;sid:83919140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.171.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056038/; classtype:trojan-activity;sid:83919138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.87.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056037/; classtype:trojan-activity;sid:83919137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.220.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056036/; classtype:trojan-activity;sid:83919136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.40.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056035/; classtype:trojan-activity;sid:83919135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.41.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056034/; classtype:trojan-activity;sid:83919134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056033/; classtype:trojan-activity;sid:83919133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.49.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056031/; classtype:trojan-activity;sid:83919131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.21.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056032/; classtype:trojan-activity;sid:83919132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.58.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056030/; classtype:trojan-activity;sid:83919130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.23.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056029/; classtype:trojan-activity;sid:83919129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.245.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056028/; classtype:trojan-activity;sid:83919128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.7.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056027/; classtype:trojan-activity;sid:83919127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.139.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056026/; classtype:trojan-activity;sid:83919126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.221.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056025/; classtype:trojan-activity;sid:83919125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.127.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056024/; classtype:trojan-activity;sid:83919124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056022/; classtype:trojan-activity;sid:83919122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.120.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056023/; classtype:trojan-activity;sid:83919123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056021/; classtype:trojan-activity;sid:83919121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056020/; classtype:trojan-activity;sid:83919120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.117.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056019/; classtype:trojan-activity;sid:83919119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.58.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056018/; classtype:trojan-activity;sid:83919118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.191.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056017/; classtype:trojan-activity;sid:83919117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056016/; classtype:trojan-activity;sid:83919116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.239.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056015/; classtype:trojan-activity;sid:83919115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.171.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056014/; classtype:trojan-activity;sid:83919114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056013/; classtype:trojan-activity;sid:83919113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.221.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056012/; classtype:trojan-activity;sid:83919112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056011/; classtype:trojan-activity;sid:83919111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.245.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056010/; classtype:trojan-activity;sid:83919110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.136.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056008/; classtype:trojan-activity;sid:83919108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.234.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056009/; classtype:trojan-activity;sid:83919109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.220.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056007/; classtype:trojan-activity;sid:83919107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.220.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056006/; classtype:trojan-activity;sid:83919106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.80.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056005/; classtype:trojan-activity;sid:83919105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.225.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056004/; classtype:trojan-activity;sid:83919104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056003/; classtype:trojan-activity;sid:83919103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056002/; classtype:trojan-activity;sid:83919102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056001/; classtype:trojan-activity;sid:83919101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3056000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.40.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3056000/; classtype:trojan-activity;sid:83919100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.49.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055999/; classtype:trojan-activity;sid:83919099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.221.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055998/; classtype:trojan-activity;sid:83919098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.134.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055997/; classtype:trojan-activity;sid:83919097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.60.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055996/; classtype:trojan-activity;sid:83919096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055995/; classtype:trojan-activity;sid:83919095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.7.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055994/; classtype:trojan-activity;sid:83919094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.87.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055993/; classtype:trojan-activity;sid:83919093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.229.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055991/; classtype:trojan-activity;sid:83919091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055992/; classtype:trojan-activity;sid:83919092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.58.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055990/; classtype:trojan-activity;sid:83919090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055988/; classtype:trojan-activity;sid:83919088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055989/; classtype:trojan-activity;sid:83919089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055987/; classtype:trojan-activity;sid:83919087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055986/; classtype:trojan-activity;sid:83919086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.187.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055985/; classtype:trojan-activity;sid:83919085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.183.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055984/; classtype:trojan-activity;sid:83919084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.40.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055983/; classtype:trojan-activity;sid:83919083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055982/; classtype:trojan-activity;sid:83919082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.221.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055981/; classtype:trojan-activity;sid:83919081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055980/; classtype:trojan-activity;sid:83919080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.239.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055979/; classtype:trojan-activity;sid:83919079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.199.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055978/; classtype:trojan-activity;sid:83919078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055977/; classtype:trojan-activity;sid:83919077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.220.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055975/; classtype:trojan-activity;sid:83919075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.220.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055976/; classtype:trojan-activity;sid:83919076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.31.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055974/; classtype:trojan-activity;sid:83919074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.80.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055973/; classtype:trojan-activity;sid:83919073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.123.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055972/; classtype:trojan-activity;sid:83919072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.40.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055971/; classtype:trojan-activity;sid:83919071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055970/; classtype:trojan-activity;sid:83919070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.240.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055969/; classtype:trojan-activity;sid:83919069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.134.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055968/; classtype:trojan-activity;sid:83919068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.243.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055967/; classtype:trojan-activity;sid:83919067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.95.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055966/; classtype:trojan-activity;sid:83919066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.81.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055965/; classtype:trojan-activity;sid:83919065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.174.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055964/; classtype:trojan-activity;sid:83919064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.217.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055963/; classtype:trojan-activity;sid:83919063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.56.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055962/; classtype:trojan-activity;sid:83919062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055959/; classtype:trojan-activity;sid:83919059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.15.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055960/; classtype:trojan-activity;sid:83919060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055961/; classtype:trojan-activity;sid:83919061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055958)"; flow:established,from_client; content:"GET"; http_method; content:"/cmfa.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.69.22.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055958/; classtype:trojan-activity;sid:83919058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055957)"; flow:established,from_client; content:"GET"; http_method; content:"/sgsbrowsersetup_1.2.32.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"81.69.22.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055957/; classtype:trojan-activity;sid:83919057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055956)"; flow:established,from_client; content:"GET"; http_method; content:"/clash.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.69.22.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055956/; classtype:trojan-activity;sid:83919056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.167.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055953/; classtype:trojan-activity;sid:83919053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.151.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055954/; classtype:trojan-activity;sid:83919054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055955)"; flow:established,from_client; content:"GET"; http_method; content:"/les.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.69.22.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055955/; classtype:trojan-activity;sid:83919055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055952)"; flow:established,from_client; content:"GET"; http_method; content:"/ciyun.py"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.69.22.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055952/; classtype:trojan-activity;sid:83919052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055951)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-4034-poc.c"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.69.22.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055951/; classtype:trojan-activity;sid:83919051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.12.60.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055950/; classtype:trojan-activity;sid:83919050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055946)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.12.60.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055946/; classtype:trojan-activity;sid:83919046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055947/; classtype:trojan-activity;sid:83919047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055948)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-4034"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.12.60.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055948/; classtype:trojan-activity;sid:83919048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055949)"; flow:established,from_client; content:"GET"; http_method; content:"/in.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.12.60.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055949/; classtype:trojan-activity;sid:83919049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.31.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055945/; classtype:trojan-activity;sid:83919045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055944)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.251.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055944/; classtype:trojan-activity;sid:83919044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055943)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.251.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055943/; classtype:trojan-activity;sid:83919043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055942)"; flow:established,from_client; content:"GET"; http_method; content:"/archsirsuppoat/sp.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055942/; classtype:trojan-activity;sid:83919042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055940)"; flow:established,from_client; content:"GET"; http_method; content:"/attack.jpeg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055940/; classtype:trojan-activity;sid:83919040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055941)"; flow:established,from_client; content:"GET"; http_method; content:"/screenshot.jpeg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055941/; classtype:trojan-activity;sid:83919041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055938)"; flow:established,from_client; content:"GET"; http_method; content:"/arch.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055938/; classtype:trojan-activity;sid:83919038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055939)"; flow:established,from_client; content:"GET"; http_method; content:"/archsirsuppoat/arch.ps1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055939/; classtype:trojan-activity;sid:83919039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055937)"; flow:established,from_client; content:"GET"; http_method; content:"/systray.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055937/; classtype:trojan-activity;sid:83919037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055934)"; flow:established,from_client; content:"GET"; http_method; content:"/archcwload/archcwbat.ps1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055934/; classtype:trojan-activity;sid:83919034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055935)"; flow:established,from_client; content:"GET"; http_method; content:"/archsirsuppoat/anyclesk.ps1"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055935/; classtype:trojan-activity;sid:83919035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055936)"; flow:established,from_client; content:"GET"; http_method; content:"/archcwload/archcw.ps1"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055936/; classtype:trojan-activity;sid:83919036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055933)"; flow:established,from_client; content:"GET"; http_method; content:"/ban.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055933/; classtype:trojan-activity;sid:83919033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055932/; classtype:trojan-activity;sid:83919032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055931/; classtype:trojan-activity;sid:83919031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.89.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055930/; classtype:trojan-activity;sid:83919030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055929/; classtype:trojan-activity;sid:83919029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055928)"; flow:established,from_client; content:"GET"; http_method; content:"/kr6ndu9flhop1bfe.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.92.248.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055928/; classtype:trojan-activity;sid:83919028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.7.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055925/; classtype:trojan-activity;sid:83919025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055926)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.248.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055926/; classtype:trojan-activity;sid:83919026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055927)"; flow:established,from_client; content:"GET"; http_method; content:"/java.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.141.26.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055927/; classtype:trojan-activity;sid:83919027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055924)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055924/; classtype:trojan-activity;sid:83919024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055923)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055923/; classtype:trojan-activity;sid:83919023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055920)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055920/; classtype:trojan-activity;sid:83919020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.18.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055921/; classtype:trojan-activity;sid:83919021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055922)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055922/; classtype:trojan-activity;sid:83919022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055912)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055912/; classtype:trojan-activity;sid:83919012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055913)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055913/; classtype:trojan-activity;sid:83919013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055914)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055914/; classtype:trojan-activity;sid:83919014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055915)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055915/; classtype:trojan-activity;sid:83919015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055916)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055916/; classtype:trojan-activity;sid:83919016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055917)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055917/; classtype:trojan-activity;sid:83919017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055918)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055918/; classtype:trojan-activity;sid:83919018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055919)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055919/; classtype:trojan-activity;sid:83919019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055911)"; flow:established,from_client; content:"GET"; http_method; content:"/go.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.66.231.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055911/; classtype:trojan-activity;sid:83919011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055910/; classtype:trojan-activity;sid:83919010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055907/; classtype:trojan-activity;sid:83919007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055908/; classtype:trojan-activity;sid:83919008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.40.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055909/; classtype:trojan-activity;sid:83919009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055905/; classtype:trojan-activity;sid:83919005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.141.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055906/; classtype:trojan-activity;sid:83919006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055904/; classtype:trojan-activity;sid:83919004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.15.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055903/; classtype:trojan-activity;sid:83919003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055902/; classtype:trojan-activity;sid:83919002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.212.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055901/; classtype:trojan-activity;sid:83919001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055900/; classtype:trojan-activity;sid:83919000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055899/; classtype:trojan-activity;sid:83918999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.86.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055897/; classtype:trojan-activity;sid:83918997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055898/; classtype:trojan-activity;sid:83918998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055896)"; flow:established,from_client; content:"GET"; http_method; content:"/win.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.208.158.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055896/; classtype:trojan-activity;sid:83918996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055894)"; flow:established,from_client; content:"GET"; http_method; content:"/inject.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.208.158.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055894/; classtype:trojan-activity;sid:83918994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055895)"; flow:established,from_client; content:"GET"; http_method; content:"/get.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.208.158.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055895/; classtype:trojan-activity;sid:83918995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055891)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055891/; classtype:trojan-activity;sid:83918991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055892)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.249.48.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055892/; classtype:trojan-activity;sid:83918992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055893)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.249.48.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055893/; classtype:trojan-activity;sid:83918993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055890)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"wasabiwallet.is"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055890/; classtype:trojan-activity;sid:83918990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.92.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055889/; classtype:trojan-activity;sid:83918989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055879)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055879/; classtype:trojan-activity;sid:83918979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055880)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.231.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055880/; classtype:trojan-activity;sid:83918980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055881)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055881/; classtype:trojan-activity;sid:83918981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.230.63.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055882/; classtype:trojan-activity;sid:83918982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055883)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.249.48.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055883/; classtype:trojan-activity;sid:83918983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055884)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055884/; classtype:trojan-activity;sid:83918984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055885)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055885/; classtype:trojan-activity;sid:83918985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055886)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055886/; classtype:trojan-activity;sid:83918986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055887)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.249.48.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055887/; classtype:trojan-activity;sid:83918987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.217.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055877/; classtype:trojan-activity;sid:83918977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055878)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"147.78.103.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055878/; classtype:trojan-activity;sid:83918978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.175.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055875/; classtype:trojan-activity;sid:83918975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055876)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.92.240.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055876/; classtype:trojan-activity;sid:83918976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.164.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055874/; classtype:trojan-activity;sid:83918974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055872)"; flow:established,from_client; content:"GET"; http_method; content:"/new-green/update-1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055872/; classtype:trojan-activity;sid:83918972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.31.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055873/; classtype:trojan-activity;sid:83918973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055871/; classtype:trojan-activity;sid:83918971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.89.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055870/; classtype:trojan-activity;sid:83918970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055866)"; flow:established,from_client; content:"GET"; http_method; content:"/hwid-spoofer/cyptpaspoofer-3.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055866/; classtype:trojan-activity;sid:83918966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055867)"; flow:established,from_client; content:"GET"; http_method; content:"/hwid-spoofer/cyptpaspoofer-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055867/; classtype:trojan-activity;sid:83918967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055868)"; flow:established,from_client; content:"GET"; http_method; content:"/hwid-spoofer/cyptpaspoofer-2.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055868/; classtype:trojan-activity;sid:83918968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055869)"; flow:established,from_client; content:"GET"; http_method; content:"/hwid-spoofer/cyptpaspoofer-4.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055869/; classtype:trojan-activity;sid:83918969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.47.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055865/; classtype:trojan-activity;sid:83918965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.183.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055864/; classtype:trojan-activity;sid:83918964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.169.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055863/; classtype:trojan-activity;sid:83918963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.181.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055862/; classtype:trojan-activity;sid:83918962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.239.38.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055861/; classtype:trojan-activity;sid:83918961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.244.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055860/; classtype:trojan-activity;sid:83918960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055859/; classtype:trojan-activity;sid:83918959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.41.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055857/; classtype:trojan-activity;sid:83918957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.167.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055858/; classtype:trojan-activity;sid:83918958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.31.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055856/; classtype:trojan-activity;sid:83918956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055855/; classtype:trojan-activity;sid:83918955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055854/; classtype:trojan-activity;sid:83918954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.40.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055853/; classtype:trojan-activity;sid:83918953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.7.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055851/; classtype:trojan-activity;sid:83918951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.227.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055852/; classtype:trojan-activity;sid:83918952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.120.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055850/; classtype:trojan-activity;sid:83918950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055849/; classtype:trojan-activity;sid:83918949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.214.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055848/; classtype:trojan-activity;sid:83918948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055846/; classtype:trojan-activity;sid:83918946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.104.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055847/; classtype:trojan-activity;sid:83918947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055845/; classtype:trojan-activity;sid:83918945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.18.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055844/; classtype:trojan-activity;sid:83918944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055843/; classtype:trojan-activity;sid:83918943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055841/; classtype:trojan-activity;sid:83918941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.6.11"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055842/; classtype:trojan-activity;sid:83918942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055840/; classtype:trojan-activity;sid:83918940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055838/; classtype:trojan-activity;sid:83918938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055839/; classtype:trojan-activity;sid:83918939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.116.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055837/; classtype:trojan-activity;sid:83918937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.33.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055835/; classtype:trojan-activity;sid:83918935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.249.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055834/; classtype:trojan-activity;sid:83918934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.181.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055833/; classtype:trojan-activity;sid:83918933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.131.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055830/; classtype:trojan-activity;sid:83918930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055829)"; flow:established,from_client; content:"GET"; http_method; content:"/activation/nyexjpw-torrentold.pif"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055829/; classtype:trojan-activity;sid:83918929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055828)"; flow:established,from_client; content:"GET"; http_method; content:"/activation/mfceum-4.pif"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055828/; classtype:trojan-activity;sid:83918928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055826)"; flow:established,from_client; content:"GET"; http_method; content:"/web-source/web-source-1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055826/; classtype:trojan-activity;sid:83918926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055827)"; flow:established,from_client; content:"GET"; http_method; content:"/activation/oxdmnmj-old-3.pif"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055827/; classtype:trojan-activity;sid:83918927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055825/; classtype:trojan-activity;sid:83918925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055821)"; flow:established,from_client; content:"GET"; http_method; content:"/activation/oxdmnmj-old-2.pif"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055821/; classtype:trojan-activity;sid:83918921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.89.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055822/; classtype:trojan-activity;sid:83918922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055823)"; flow:established,from_client; content:"GET"; http_method; content:"/activation/torrentold-1.pif"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055823/; classtype:trojan-activity;sid:83918923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055824)"; flow:established,from_client; content:"GET"; http_method; content:"/web-source/web-source-2.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055824/; classtype:trojan-activity;sid:83918924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055820/; classtype:trojan-activity;sid:83918920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.161.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055819/; classtype:trojan-activity;sid:83918919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.239.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055818/; classtype:trojan-activity;sid:83918918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.116.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055817/; classtype:trojan-activity;sid:83918917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.171.87.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055816/; classtype:trojan-activity;sid:83918916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.109.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055815/; classtype:trojan-activity;sid:83918915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.192.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055814/; classtype:trojan-activity;sid:83918914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055813/; classtype:trojan-activity;sid:83918913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.131.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055812/; classtype:trojan-activity;sid:83918912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055810)"; flow:established,from_client; content:"GET"; http_method; content:"/h9fmdw7/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.196.8.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055810/; classtype:trojan-activity;sid:83918910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055811)"; flow:established,from_client; content:"GET"; http_method; content:"/h9fmdw7/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.196.8.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055811/; classtype:trojan-activity;sid:83918911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055808/; classtype:trojan-activity;sid:83918908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055809/; classtype:trojan-activity;sid:83918909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055807)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669b5b78252ea_googlesoft.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055807/; classtype:trojan-activity;sid:83918907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.188.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055806/; classtype:trojan-activity;sid:83918906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055805/; classtype:trojan-activity;sid:83918905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.40.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055804/; classtype:trojan-activity;sid:83918904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.192.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055803/; classtype:trojan-activity;sid:83918903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.2.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055802/; classtype:trojan-activity;sid:83918902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.181.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055801/; classtype:trojan-activity;sid:83918901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.223.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055800/; classtype:trojan-activity;sid:83918900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.120.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055799/; classtype:trojan-activity;sid:83918899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.95.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055798/; classtype:trojan-activity;sid:83918898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055797/; classtype:trojan-activity;sid:83918897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.23.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055796/; classtype:trojan-activity;sid:83918896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055795)"; flow:established,from_client; content:"GET"; http_method; content:"/d//385132"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.111.172.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055795/; classtype:trojan-activity;sid:83918895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055794/; classtype:trojan-activity;sid:83918894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.239.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055790/; classtype:trojan-activity;sid:83918890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.231.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055788/; classtype:trojan-activity;sid:83918888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.162.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055789/; classtype:trojan-activity;sid:83918889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.229.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055787/; classtype:trojan-activity;sid:83918887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.66.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055786/; classtype:trojan-activity;sid:83918886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.161.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055785/; classtype:trojan-activity;sid:83918885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.81.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055784/; classtype:trojan-activity;sid:83918884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055783/; classtype:trojan-activity;sid:83918883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.11.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055782/; classtype:trojan-activity;sid:83918882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055781/; classtype:trojan-activity;sid:83918881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055780/; classtype:trojan-activity;sid:83918880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.184.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055779/; classtype:trojan-activity;sid:83918879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.232.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055778/; classtype:trojan-activity;sid:83918878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055777/; classtype:trojan-activity;sid:83918877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.166.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055776/; classtype:trojan-activity;sid:83918876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055775/; classtype:trojan-activity;sid:83918875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055774/; classtype:trojan-activity;sid:83918874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055773/; classtype:trojan-activity;sid:83918873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.215.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055772/; classtype:trojan-activity;sid:83918872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055771/; classtype:trojan-activity;sid:83918871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.232.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055769/; classtype:trojan-activity;sid:83918869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.59.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055770/; classtype:trojan-activity;sid:83918870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.214.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055768/; classtype:trojan-activity;sid:83918868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.5.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055767/; classtype:trojan-activity;sid:83918867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.2.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055766/; classtype:trojan-activity;sid:83918866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.232.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055765/; classtype:trojan-activity;sid:83918865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.148.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055763/; classtype:trojan-activity;sid:83918863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055764/; classtype:trojan-activity;sid:83918864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.111.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055762/; classtype:trojan-activity;sid:83918862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.127.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055761/; classtype:trojan-activity;sid:83918861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055760/; classtype:trojan-activity;sid:83918860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.142.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055759/; classtype:trojan-activity;sid:83918859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055758/; classtype:trojan-activity;sid:83918858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055757/; classtype:trojan-activity;sid:83918857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055756/; classtype:trojan-activity;sid:83918856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.100.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055755/; classtype:trojan-activity;sid:83918855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055754)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/6698c0ab59e68_aerosoft.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055754/; classtype:trojan-activity;sid:83918854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.2.106"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055753/; classtype:trojan-activity;sid:83918853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.144.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055752/; classtype:trojan-activity;sid:83918852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.109.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055751/; classtype:trojan-activity;sid:83918851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.160.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055750/; classtype:trojan-activity;sid:83918850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.162.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055749/; classtype:trojan-activity;sid:83918849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.173.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055748/; classtype:trojan-activity;sid:83918848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055747)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.168.173.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055747/; classtype:trojan-activity;sid:83918847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.31.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055746/; classtype:trojan-activity;sid:83918846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.2.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055745/; classtype:trojan-activity;sid:83918845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.132.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055744/; classtype:trojan-activity;sid:83918844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.59.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055743/; classtype:trojan-activity;sid:83918843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.106.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055741/; classtype:trojan-activity;sid:83918841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.102.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055742/; classtype:trojan-activity;sid:83918842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.135.183.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055740/; classtype:trojan-activity;sid:83918840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.67.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055738/; classtype:trojan-activity;sid:83918838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055739/; classtype:trojan-activity;sid:83918839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.196.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055737/; classtype:trojan-activity;sid:83918837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.180.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055736/; classtype:trojan-activity;sid:83918836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.229.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055735/; classtype:trojan-activity;sid:83918835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.35.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055734/; classtype:trojan-activity;sid:83918834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.33.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055733/; classtype:trojan-activity;sid:83918833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.238.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055732/; classtype:trojan-activity;sid:83918832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.95.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055730/; classtype:trojan-activity;sid:83918830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055731/; classtype:trojan-activity;sid:83918831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.167.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055729/; classtype:trojan-activity;sid:83918829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.248.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055728/; classtype:trojan-activity;sid:83918828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.215.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055727/; classtype:trojan-activity;sid:83918827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.181.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055726/; classtype:trojan-activity;sid:83918826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.2.106"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055725/; classtype:trojan-activity;sid:83918825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.100.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055724/; classtype:trojan-activity;sid:83918824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.144.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055723/; classtype:trojan-activity;sid:83918823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.231.167.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055722/; classtype:trojan-activity;sid:83918822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.160.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055721/; classtype:trojan-activity;sid:83918821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.9.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055720/; classtype:trojan-activity;sid:83918820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.179.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055719/; classtype:trojan-activity;sid:83918819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.113.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055718/; classtype:trojan-activity;sid:83918818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.197.174.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055717/; classtype:trojan-activity;sid:83918817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.71.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055716/; classtype:trojan-activity;sid:83918816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.69.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055715/; classtype:trojan-activity;sid:83918815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.175.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055714/; classtype:trojan-activity;sid:83918814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.173.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055713/; classtype:trojan-activity;sid:83918813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.171.230.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055712/; classtype:trojan-activity;sid:83918812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.154.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055711/; classtype:trojan-activity;sid:83918811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.132.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055710/; classtype:trojan-activity;sid:83918810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055709/; classtype:trojan-activity;sid:83918809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.162.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055708/; classtype:trojan-activity;sid:83918808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.93.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055707/; classtype:trojan-activity;sid:83918807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.21.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055706/; classtype:trojan-activity;sid:83918806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.195.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055704/; classtype:trojan-activity;sid:83918804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055705/; classtype:trojan-activity;sid:83918805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055703/; classtype:trojan-activity;sid:83918803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.196.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055702/; classtype:trojan-activity;sid:83918802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055698)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/66990947b9f24_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055698/; classtype:trojan-activity;sid:83918798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055699)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669bd79ba7b76_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055699/; classtype:trojan-activity;sid:83918799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055700)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/6699582c986e9_appdrivevideo.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055700/; classtype:trojan-activity;sid:83918800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055701/; classtype:trojan-activity;sid:83918801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.102.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055697/; classtype:trojan-activity;sid:83918797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055695)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/svhosts.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055695/; classtype:trojan-activity;sid:83918795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055696)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669a659129ee2_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055696/; classtype:trojan-activity;sid:83918796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.238.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055694/; classtype:trojan-activity;sid:83918794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.26.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055693/; classtype:trojan-activity;sid:83918793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.181.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055692/; classtype:trojan-activity;sid:83918792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055691/; classtype:trojan-activity;sid:83918791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.35.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055690/; classtype:trojan-activity;sid:83918790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.228.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055689/; classtype:trojan-activity;sid:83918789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.167.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055688/; classtype:trojan-activity;sid:83918788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.248.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055687/; classtype:trojan-activity;sid:83918787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055685/; classtype:trojan-activity;sid:83918785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.44.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055686/; classtype:trojan-activity;sid:83918786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.90.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055683/; classtype:trojan-activity;sid:83918783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.149.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055684/; classtype:trojan-activity;sid:83918784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.17.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055681/; classtype:trojan-activity;sid:83918781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055682/; classtype:trojan-activity;sid:83918782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.141.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055680/; classtype:trojan-activity;sid:83918780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.227.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055679/; classtype:trojan-activity;sid:83918779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.71.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055677/; classtype:trojan-activity;sid:83918777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.13.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055678/; classtype:trojan-activity;sid:83918778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.17.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055676/; classtype:trojan-activity;sid:83918776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055675/; classtype:trojan-activity;sid:83918775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.19.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055673/; classtype:trojan-activity;sid:83918773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.138.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055674/; classtype:trojan-activity;sid:83918774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.71.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055672/; classtype:trojan-activity;sid:83918772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055670/; classtype:trojan-activity;sid:83918770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.174.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055671/; classtype:trojan-activity;sid:83918771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055669/; classtype:trojan-activity;sid:83918769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055668/; classtype:trojan-activity;sid:83918768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055667/; classtype:trojan-activity;sid:83918767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055666/; classtype:trojan-activity;sid:83918766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.252.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055664/; classtype:trojan-activity;sid:83918764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055665/; classtype:trojan-activity;sid:83918765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.252.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055662/; classtype:trojan-activity;sid:83918762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.11.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055663/; classtype:trojan-activity;sid:83918763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055661/; classtype:trojan-activity;sid:83918761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.242.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055660/; classtype:trojan-activity;sid:83918760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.93.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055659/; classtype:trojan-activity;sid:83918759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.225.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055658/; classtype:trojan-activity;sid:83918758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.34.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055656/; classtype:trojan-activity;sid:83918756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055657/; classtype:trojan-activity;sid:83918757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.167.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055655/; classtype:trojan-activity;sid:83918755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055654/; classtype:trojan-activity;sid:83918754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.91.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055653/; classtype:trojan-activity;sid:83918753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.124.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055652/; classtype:trojan-activity;sid:83918752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055651/; classtype:trojan-activity;sid:83918751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.123.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055650/; classtype:trojan-activity;sid:83918750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.247.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055649/; classtype:trojan-activity;sid:83918749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.212.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055648/; classtype:trojan-activity;sid:83918748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.137.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055647/; classtype:trojan-activity;sid:83918747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.175.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055646/; classtype:trojan-activity;sid:83918746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.51.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055645/; classtype:trojan-activity;sid:83918745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.96.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055644/; classtype:trojan-activity;sid:83918744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055643/; classtype:trojan-activity;sid:83918743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.13.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055641/; classtype:trojan-activity;sid:83918741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.223.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055642/; classtype:trojan-activity;sid:83918742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.90.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055640/; classtype:trojan-activity;sid:83918740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055639/; classtype:trojan-activity;sid:83918739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.138.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055638/; classtype:trojan-activity;sid:83918738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.43.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055637/; classtype:trojan-activity;sid:83918737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.149.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055636/; classtype:trojan-activity;sid:83918736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.255.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055635/; classtype:trojan-activity;sid:83918735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.116.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055634/; classtype:trojan-activity;sid:83918734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.189.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055633/; classtype:trojan-activity;sid:83918733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.71.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055632/; classtype:trojan-activity;sid:83918732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.19.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055630/; classtype:trojan-activity;sid:83918730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.225.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055631/; classtype:trojan-activity;sid:83918731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055629)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669a08aa861a2_filemanager.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055629/; classtype:trojan-activity;sid:83918729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055628/; classtype:trojan-activity;sid:83918728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055627/; classtype:trojan-activity;sid:83918727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055626)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/567jn7x.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055626/; classtype:trojan-activity;sid:83918726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.251.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055625/; classtype:trojan-activity;sid:83918725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.133.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055624/; classtype:trojan-activity;sid:83918724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.124.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055623/; classtype:trojan-activity;sid:83918723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.119.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055621/; classtype:trojan-activity;sid:83918721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.34.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055622/; classtype:trojan-activity;sid:83918722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.81.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055619/; classtype:trojan-activity;sid:83918719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.167.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055620/; classtype:trojan-activity;sid:83918720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055618/; classtype:trojan-activity;sid:83918718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.200.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055617/; classtype:trojan-activity;sid:83918717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.212.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055616/; classtype:trojan-activity;sid:83918716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055615/; classtype:trojan-activity;sid:83918715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.126.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055614/; classtype:trojan-activity;sid:83918714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.22.216.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055613/; classtype:trojan-activity;sid:83918713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.205.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055612/; classtype:trojan-activity;sid:83918712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.141.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055611/; classtype:trojan-activity;sid:83918711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055610/; classtype:trojan-activity;sid:83918710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.144.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055609/; classtype:trojan-activity;sid:83918709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055607/; classtype:trojan-activity;sid:83918707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.123.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055608/; classtype:trojan-activity;sid:83918708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055606/; classtype:trojan-activity;sid:83918706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.122.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055604/; classtype:trojan-activity;sid:83918704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.145.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055605/; classtype:trojan-activity;sid:83918705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.225.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055603/; classtype:trojan-activity;sid:83918703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.4.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055601/; classtype:trojan-activity;sid:83918701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.4.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055602/; classtype:trojan-activity;sid:83918702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055600/; classtype:trojan-activity;sid:83918700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.247.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055599/; classtype:trojan-activity;sid:83918699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.199.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055598/; classtype:trojan-activity;sid:83918698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.13.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055597/; classtype:trojan-activity;sid:83918697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055596/; classtype:trojan-activity;sid:83918696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055595/; classtype:trojan-activity;sid:83918695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.97.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055594/; classtype:trojan-activity;sid:83918694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055592/; classtype:trojan-activity;sid:83918692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.40.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055593/; classtype:trojan-activity;sid:83918693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.226.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055591/; classtype:trojan-activity;sid:83918691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.112.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055590/; classtype:trojan-activity;sid:83918690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.126.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055589/; classtype:trojan-activity;sid:83918689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.233.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055588/; classtype:trojan-activity;sid:83918688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055587/; classtype:trojan-activity;sid:83918687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.173.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055586/; classtype:trojan-activity;sid:83918686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055585/; classtype:trojan-activity;sid:83918685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.179.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055583/; classtype:trojan-activity;sid:83918683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.169.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055584/; classtype:trojan-activity;sid:83918684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.10.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055582/; classtype:trojan-activity;sid:83918682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055581/; classtype:trojan-activity;sid:83918681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.141.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055580/; classtype:trojan-activity;sid:83918680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.232.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055579/; classtype:trojan-activity;sid:83918679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.64.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055578/; classtype:trojan-activity;sid:83918678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.217.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055577/; classtype:trojan-activity;sid:83918677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055575/; classtype:trojan-activity;sid:83918675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.205.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055576/; classtype:trojan-activity;sid:83918676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.223.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055574/; classtype:trojan-activity;sid:83918674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.108.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055573/; classtype:trojan-activity;sid:83918673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.51.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055571/; classtype:trojan-activity;sid:83918671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055572/; classtype:trojan-activity;sid:83918672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.230.27.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055570/; classtype:trojan-activity;sid:83918670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.122.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055569/; classtype:trojan-activity;sid:83918669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.172.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055568/; classtype:trojan-activity;sid:83918668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.145.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055566/; classtype:trojan-activity;sid:83918666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.4.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055567/; classtype:trojan-activity;sid:83918667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055565/; classtype:trojan-activity;sid:83918665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055564/; classtype:trojan-activity;sid:83918664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.4.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055563/; classtype:trojan-activity;sid:83918663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.13.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055562/; classtype:trojan-activity;sid:83918662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.114.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055560/; classtype:trojan-activity;sid:83918660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.191.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055561/; classtype:trojan-activity;sid:83918661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055559/; classtype:trojan-activity;sid:83918659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.171.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055558/; classtype:trojan-activity;sid:83918658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.162.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055557/; classtype:trojan-activity;sid:83918657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.98.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055556/; classtype:trojan-activity;sid:83918656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.227.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055555/; classtype:trojan-activity;sid:83918655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055554/; classtype:trojan-activity;sid:83918654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.91.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055553/; classtype:trojan-activity;sid:83918653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055552/; classtype:trojan-activity;sid:83918652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055550/; classtype:trojan-activity;sid:83918650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055551/; classtype:trojan-activity;sid:83918651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.178.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055549/; classtype:trojan-activity;sid:83918649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.185.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055546/; classtype:trojan-activity;sid:83918646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.232.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055547/; classtype:trojan-activity;sid:83918647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.43.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055548/; classtype:trojan-activity;sid:83918648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.192.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055545/; classtype:trojan-activity;sid:83918645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055544/; classtype:trojan-activity;sid:83918644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.217.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055543/; classtype:trojan-activity;sid:83918643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055541/; classtype:trojan-activity;sid:83918641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.178.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055542/; classtype:trojan-activity;sid:83918642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.169.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055540/; classtype:trojan-activity;sid:83918640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.64.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055539/; classtype:trojan-activity;sid:83918639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.201.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055538/; classtype:trojan-activity;sid:83918638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.11.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055537/; classtype:trojan-activity;sid:83918637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055536/; classtype:trojan-activity;sid:83918636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.20.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055535/; classtype:trojan-activity;sid:83918635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.97.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055534/; classtype:trojan-activity;sid:83918634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.14.57.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055533/; classtype:trojan-activity;sid:83918633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.230.27.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055532/; classtype:trojan-activity;sid:83918632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.242.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055530/; classtype:trojan-activity;sid:83918630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.91.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055531/; classtype:trojan-activity;sid:83918631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.125.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055527/; classtype:trojan-activity;sid:83918627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.114.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055528/; classtype:trojan-activity;sid:83918628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.43.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055529/; classtype:trojan-activity;sid:83918629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.14.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055526/; classtype:trojan-activity;sid:83918626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.89.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055525/; classtype:trojan-activity;sid:83918625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.199.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055524/; classtype:trojan-activity;sid:83918624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.171.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055523/; classtype:trojan-activity;sid:83918623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055521/; classtype:trojan-activity;sid:83918621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.254.204.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055522/; classtype:trojan-activity;sid:83918622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.152.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055520/; classtype:trojan-activity;sid:83918620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.175.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055519/; classtype:trojan-activity;sid:83918619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.150.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055518/; classtype:trojan-activity;sid:83918618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.252.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055516/; classtype:trojan-activity;sid:83918616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.23.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055517/; classtype:trojan-activity;sid:83918617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.103.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055514/; classtype:trojan-activity;sid:83918614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055515/; classtype:trojan-activity;sid:83918615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.62.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055513/; classtype:trojan-activity;sid:83918613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.177.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055512/; classtype:trojan-activity;sid:83918612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055510/; classtype:trojan-activity;sid:83918610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.101.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055511/; classtype:trojan-activity;sid:83918611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.178.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055509/; classtype:trojan-activity;sid:83918609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055508/; classtype:trojan-activity;sid:83918608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.126.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055507/; classtype:trojan-activity;sid:83918607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.139.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055506/; classtype:trojan-activity;sid:83918606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.164.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055505/; classtype:trojan-activity;sid:83918605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055504/; classtype:trojan-activity;sid:83918604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.14.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055503/; classtype:trojan-activity;sid:83918603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.153.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055502/; classtype:trojan-activity;sid:83918602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.14.57.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055501/; classtype:trojan-activity;sid:83918601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055500/; classtype:trojan-activity;sid:83918600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055499/; classtype:trojan-activity;sid:83918599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.254.204.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055498/; classtype:trojan-activity;sid:83918598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.107.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055497/; classtype:trojan-activity;sid:83918597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.117.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055496/; classtype:trojan-activity;sid:83918596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055494/; classtype:trojan-activity;sid:83918594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.185.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055495/; classtype:trojan-activity;sid:83918595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.206.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055492/; classtype:trojan-activity;sid:83918592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055493/; classtype:trojan-activity;sid:83918593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.1.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055491/; classtype:trojan-activity;sid:83918591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.252.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055490/; classtype:trojan-activity;sid:83918590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.196.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055489/; classtype:trojan-activity;sid:83918589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.107.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055488/; classtype:trojan-activity;sid:83918588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.211.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055487/; classtype:trojan-activity;sid:83918587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.136.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055486/; classtype:trojan-activity;sid:83918586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.13.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055485/; classtype:trojan-activity;sid:83918585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.23.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055484/; classtype:trojan-activity;sid:83918584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.247.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055483/; classtype:trojan-activity;sid:83918583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.87.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055482/; classtype:trojan-activity;sid:83918582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055481/; classtype:trojan-activity;sid:83918581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.252.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055480/; classtype:trojan-activity;sid:83918580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.229.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055479/; classtype:trojan-activity;sid:83918579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055478/; classtype:trojan-activity;sid:83918578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.153.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055477/; classtype:trojan-activity;sid:83918577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055476/; classtype:trojan-activity;sid:83918576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.108.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055475/; classtype:trojan-activity;sid:83918575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055474/; classtype:trojan-activity;sid:83918574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.95.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055473/; classtype:trojan-activity;sid:83918573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.228.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055472/; classtype:trojan-activity;sid:83918572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.252.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055471/; classtype:trojan-activity;sid:83918571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.151.192.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055470/; classtype:trojan-activity;sid:83918570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055468/; classtype:trojan-activity;sid:83918568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055469/; classtype:trojan-activity;sid:83918569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.24.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055467/; classtype:trojan-activity;sid:83918567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.54.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055466/; classtype:trojan-activity;sid:83918566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.107.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055465/; classtype:trojan-activity;sid:83918565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.255.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055464/; classtype:trojan-activity;sid:83918564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055463/; classtype:trojan-activity;sid:83918563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055462/; classtype:trojan-activity;sid:83918562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.196.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055461/; classtype:trojan-activity;sid:83918561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.88.224.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055460/; classtype:trojan-activity;sid:83918560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.167.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055458/; classtype:trojan-activity;sid:83918558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.65.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055459/; classtype:trojan-activity;sid:83918559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.219.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055457/; classtype:trojan-activity;sid:83918557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.136.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055456/; classtype:trojan-activity;sid:83918556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.29.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055455/; classtype:trojan-activity;sid:83918555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.208.180.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055454/; classtype:trojan-activity;sid:83918554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.8.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055453/; classtype:trojan-activity;sid:83918553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.10.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055452/; classtype:trojan-activity;sid:83918552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.238.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055450/; classtype:trojan-activity;sid:83918550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.5.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055451/; classtype:trojan-activity;sid:83918551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.1.52"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055449/; classtype:trojan-activity;sid:83918549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.211.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055448/; classtype:trojan-activity;sid:83918548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.181.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055447/; classtype:trojan-activity;sid:83918547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.159.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055446/; classtype:trojan-activity;sid:83918546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.163.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055445/; classtype:trojan-activity;sid:83918545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.249.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055444/; classtype:trojan-activity;sid:83918544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.183.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055443/; classtype:trojan-activity;sid:83918543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.71.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055441/; classtype:trojan-activity;sid:83918541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055442/; classtype:trojan-activity;sid:83918542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.54.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055440/; classtype:trojan-activity;sid:83918540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.228.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055439/; classtype:trojan-activity;sid:83918539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.212.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055438/; classtype:trojan-activity;sid:83918538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055437/; classtype:trojan-activity;sid:83918537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.108.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055436/; classtype:trojan-activity;sid:83918536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.249.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055435/; classtype:trojan-activity;sid:83918535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055434/; classtype:trojan-activity;sid:83918534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.233.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055433/; classtype:trojan-activity;sid:83918533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.119.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055432/; classtype:trojan-activity;sid:83918532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.255.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055431/; classtype:trojan-activity;sid:83918531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.182.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055430/; classtype:trojan-activity;sid:83918530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055429)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.12.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055429/; classtype:trojan-activity;sid:83918529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.231.60.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055427/; classtype:trojan-activity;sid:83918527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.160.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055428/; classtype:trojan-activity;sid:83918528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055426/; classtype:trojan-activity;sid:83918526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055425/; classtype:trojan-activity;sid:83918525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055424/; classtype:trojan-activity;sid:83918524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.143.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055422/; classtype:trojan-activity;sid:83918522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055423/; classtype:trojan-activity;sid:83918523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.187.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055421/; classtype:trojan-activity;sid:83918521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.14.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055420/; classtype:trojan-activity;sid:83918520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055419/; classtype:trojan-activity;sid:83918519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055418/; classtype:trojan-activity;sid:83918518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.198.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055417/; classtype:trojan-activity;sid:83918517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.1.52"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055416/; classtype:trojan-activity;sid:83918516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.229.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055415/; classtype:trojan-activity;sid:83918515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055414/; classtype:trojan-activity;sid:83918514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.228.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055412/; classtype:trojan-activity;sid:83918512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.218.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055413/; classtype:trojan-activity;sid:83918513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.179.181.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055411/; classtype:trojan-activity;sid:83918511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.172.188.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055408/; classtype:trojan-activity;sid:83918508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.84.253.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055409/; classtype:trojan-activity;sid:83918509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.148.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055410/; classtype:trojan-activity;sid:83918510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.222.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055407/; classtype:trojan-activity;sid:83918507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.29.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055406/; classtype:trojan-activity;sid:83918506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055405/; classtype:trojan-activity;sid:83918505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.141.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055403/; classtype:trojan-activity;sid:83918503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.64.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055404/; classtype:trojan-activity;sid:83918504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.217.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055402/; classtype:trojan-activity;sid:83918502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.181.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055401/; classtype:trojan-activity;sid:83918501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055400/; classtype:trojan-activity;sid:83918500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.154.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055399/; classtype:trojan-activity;sid:83918499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.95.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055397/; classtype:trojan-activity;sid:83918497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.236.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055398/; classtype:trojan-activity;sid:83918498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.149.255.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055396/; classtype:trojan-activity;sid:83918496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.71.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055395/; classtype:trojan-activity;sid:83918495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.85.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055394/; classtype:trojan-activity;sid:83918494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.232.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055393/; classtype:trojan-activity;sid:83918493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055392/; classtype:trojan-activity;sid:83918492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.62.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055391/; classtype:trojan-activity;sid:83918491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055390/; classtype:trojan-activity;sid:83918490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055389/; classtype:trojan-activity;sid:83918489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.162.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055388/; classtype:trojan-activity;sid:83918488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.234.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055387/; classtype:trojan-activity;sid:83918487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055386/; classtype:trojan-activity;sid:83918486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.81.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055384/; classtype:trojan-activity;sid:83918484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055385)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678925691|3f|hash=70zzv7czl7rmplvca7vc3nbybecf6jeq6nck7vwhfhc|7c|26|7c|dl=vodawin7zzqfj8y5nrpwva3wbcuut4ufcya6s87iynk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055385/; classtype:trojan-activity;sid:83918485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.198.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055383/; classtype:trojan-activity;sid:83918483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.143.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055382/; classtype:trojan-activity;sid:83918482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.140.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055381/; classtype:trojan-activity;sid:83918481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.1.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055380/; classtype:trojan-activity;sid:83918480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.140.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055378/; classtype:trojan-activity;sid:83918478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055379/; classtype:trojan-activity;sid:83918479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055376/; classtype:trojan-activity;sid:83918476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055377/; classtype:trojan-activity;sid:83918477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.199.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055375/; classtype:trojan-activity;sid:83918475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055374/; classtype:trojan-activity;sid:83918474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.24.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055373/; classtype:trojan-activity;sid:83918473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055372/; classtype:trojan-activity;sid:83918472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.44.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055371/; classtype:trojan-activity;sid:83918471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.107.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055370/; classtype:trojan-activity;sid:83918470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.236.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055369/; classtype:trojan-activity;sid:83918469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055368/; classtype:trojan-activity;sid:83918468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.141.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055367/; classtype:trojan-activity;sid:83918467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.207.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055366/; classtype:trojan-activity;sid:83918466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055365/; classtype:trojan-activity;sid:83918465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055364/; classtype:trojan-activity;sid:83918464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.198.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055363/; classtype:trojan-activity;sid:83918463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.188.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055362/; classtype:trojan-activity;sid:83918462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.135.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055361/; classtype:trojan-activity;sid:83918461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055360/; classtype:trojan-activity;sid:83918460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.162.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055359/; classtype:trojan-activity;sid:83918459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.30.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055358/; classtype:trojan-activity;sid:83918458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.161.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055357/; classtype:trojan-activity;sid:83918457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.80.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055356/; classtype:trojan-activity;sid:83918456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.38.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055355/; classtype:trojan-activity;sid:83918455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.125.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055354/; classtype:trojan-activity;sid:83918454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055353/; classtype:trojan-activity;sid:83918453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.113.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055352/; classtype:trojan-activity;sid:83918452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.81.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055351/; classtype:trojan-activity;sid:83918451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.166.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055350/; classtype:trojan-activity;sid:83918450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.44.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055349/; classtype:trojan-activity;sid:83918449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055348/; classtype:trojan-activity;sid:83918448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.221.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055347/; classtype:trojan-activity;sid:83918447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.244.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055346/; classtype:trojan-activity;sid:83918446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.74.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055345/; classtype:trojan-activity;sid:83918445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.24.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055344/; classtype:trojan-activity;sid:83918444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.3.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3055343/; classtype:trojan-activity;sid:83918443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.207.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055342/; classtype:trojan-activity;sid:83918442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.65.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055341/; classtype:trojan-activity;sid:83918441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055340/; classtype:trojan-activity;sid:83918440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.225.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055339/; classtype:trojan-activity;sid:83918439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.24.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055338/; classtype:trojan-activity;sid:83918438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.197.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055337/; classtype:trojan-activity;sid:83918437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.229.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055336/; classtype:trojan-activity;sid:83918436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055332/; classtype:trojan-activity;sid:83918432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.66.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055333/; classtype:trojan-activity;sid:83918433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055334/; classtype:trojan-activity;sid:83918434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055335/; classtype:trojan-activity;sid:83918435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.20.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055331/; classtype:trojan-activity;sid:83918431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.191.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055330/; classtype:trojan-activity;sid:83918430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055329/; classtype:trojan-activity;sid:83918429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055328/; classtype:trojan-activity;sid:83918428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.212.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055327/; classtype:trojan-activity;sid:83918427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.181.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055325/; classtype:trojan-activity;sid:83918425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.162.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055326/; classtype:trojan-activity;sid:83918426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.140.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055324/; classtype:trojan-activity;sid:83918424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.80.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055323/; classtype:trojan-activity;sid:83918423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.240.192.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055322/; classtype:trojan-activity;sid:83918422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055321/; classtype:trojan-activity;sid:83918421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.81.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055320/; classtype:trojan-activity;sid:83918420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.24.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055319/; classtype:trojan-activity;sid:83918419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.125.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055318/; classtype:trojan-activity;sid:83918418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.184.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055317/; classtype:trojan-activity;sid:83918417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055316/; classtype:trojan-activity;sid:83918416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.74.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055315/; classtype:trojan-activity;sid:83918415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.143.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055314/; classtype:trojan-activity;sid:83918414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055313/; classtype:trojan-activity;sid:83918413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.225.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055312/; classtype:trojan-activity;sid:83918412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.197.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055311/; classtype:trojan-activity;sid:83918411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.207.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055310/; classtype:trojan-activity;sid:83918410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.24.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055309/; classtype:trojan-activity;sid:83918409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.233.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055308/; classtype:trojan-activity;sid:83918408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.218.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055307/; classtype:trojan-activity;sid:83918407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055306/; classtype:trojan-activity;sid:83918406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055305/; classtype:trojan-activity;sid:83918405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.218.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055303/; classtype:trojan-activity;sid:83918403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.233.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055304/; classtype:trojan-activity;sid:83918404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055302/; classtype:trojan-activity;sid:83918402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.20.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055298/; classtype:trojan-activity;sid:83918398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.124.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055299/; classtype:trojan-activity;sid:83918399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055300/; classtype:trojan-activity;sid:83918400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055301/; classtype:trojan-activity;sid:83918401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055295/; classtype:trojan-activity;sid:83918395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.206.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055296/; classtype:trojan-activity;sid:83918396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.81.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055297/; classtype:trojan-activity;sid:83918397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.160.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055294/; classtype:trojan-activity;sid:83918394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.163.249.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055293/; classtype:trojan-activity;sid:83918393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055292/; classtype:trojan-activity;sid:83918392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.202.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055290/; classtype:trojan-activity;sid:83918390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055291/; classtype:trojan-activity;sid:83918391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.174.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055288/; classtype:trojan-activity;sid:83918388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.239.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055289/; classtype:trojan-activity;sid:83918389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.8.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055287/; classtype:trojan-activity;sid:83918387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.207.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055286/; classtype:trojan-activity;sid:83918386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.171.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055285/; classtype:trojan-activity;sid:83918385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055283/; classtype:trojan-activity;sid:83918383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.217.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055284/; classtype:trojan-activity;sid:83918384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.184.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055282/; classtype:trojan-activity;sid:83918382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.92.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055281/; classtype:trojan-activity;sid:83918381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055280/; classtype:trojan-activity;sid:83918380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055279/; classtype:trojan-activity;sid:83918379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.64.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055278/; classtype:trojan-activity;sid:83918378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.207.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055277/; classtype:trojan-activity;sid:83918377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055276/; classtype:trojan-activity;sid:83918376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055275/; classtype:trojan-activity;sid:83918375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055274/; classtype:trojan-activity;sid:83918374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055273/; classtype:trojan-activity;sid:83918373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055272/; classtype:trojan-activity;sid:83918372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.233.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055271/; classtype:trojan-activity;sid:83918371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055270/; classtype:trojan-activity;sid:83918370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.160.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055269/; classtype:trojan-activity;sid:83918369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.2.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055268/; classtype:trojan-activity;sid:83918368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.82.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055267/; classtype:trojan-activity;sid:83918367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.202.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055264/; classtype:trojan-activity;sid:83918364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055265/; classtype:trojan-activity;sid:83918365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.139.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055266/; classtype:trojan-activity;sid:83918366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.90.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055263/; classtype:trojan-activity;sid:83918363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055262/; classtype:trojan-activity;sid:83918362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.35.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055261/; classtype:trojan-activity;sid:83918361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.255.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055258/; classtype:trojan-activity;sid:83918358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055259/; classtype:trojan-activity;sid:83918359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.205.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055260/; classtype:trojan-activity;sid:83918360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.128.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055257/; classtype:trojan-activity;sid:83918357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055256/; classtype:trojan-activity;sid:83918356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.244.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055255/; classtype:trojan-activity;sid:83918355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.92.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055254/; classtype:trojan-activity;sid:83918354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055252/; classtype:trojan-activity;sid:83918352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.203.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055253/; classtype:trojan-activity;sid:83918353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.180.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055251/; classtype:trojan-activity;sid:83918351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.216.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055250/; classtype:trojan-activity;sid:83918350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.157.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055248/; classtype:trojan-activity;sid:83918348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.126.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055249/; classtype:trojan-activity;sid:83918349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.199.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055247/; classtype:trojan-activity;sid:83918347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.64.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055246/; classtype:trojan-activity;sid:83918346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.91.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055245/; classtype:trojan-activity;sid:83918345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055244/; classtype:trojan-activity;sid:83918344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.248.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055243/; classtype:trojan-activity;sid:83918343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.19.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055242/; classtype:trojan-activity;sid:83918342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.110.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055241/; classtype:trojan-activity;sid:83918341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.205.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055240/; classtype:trojan-activity;sid:83918340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.67.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055239/; classtype:trojan-activity;sid:83918339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.43.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055237/; classtype:trojan-activity;sid:83918337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055238/; classtype:trojan-activity;sid:83918338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.85.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055236/; classtype:trojan-activity;sid:83918336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.227.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055235/; classtype:trojan-activity;sid:83918335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055234/; classtype:trojan-activity;sid:83918334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.211.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055231/; classtype:trojan-activity;sid:83918331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.50.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055232/; classtype:trojan-activity;sid:83918332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.183.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055233/; classtype:trojan-activity;sid:83918333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.255.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055230/; classtype:trojan-activity;sid:83918330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055229/; classtype:trojan-activity;sid:83918329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.109.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055227/; classtype:trojan-activity;sid:83918327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055228/; classtype:trojan-activity;sid:83918328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.35.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055226/; classtype:trojan-activity;sid:83918326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.23.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055225/; classtype:trojan-activity;sid:83918325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.82.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055224/; classtype:trojan-activity;sid:83918324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.199.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055223/; classtype:trojan-activity;sid:83918323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055222)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678925541|3f|hash=9ssc1fpezqfnc1un7lanx3uzyrherco09wstdp5w830|7c|26|7c|dl=mk6ojsizvvaobyi1g2qlz12mezdcihljabedeukqdiw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055222/; classtype:trojan-activity;sid:83918322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.203.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055220/; classtype:trojan-activity;sid:83918320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.49.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055221/; classtype:trojan-activity;sid:83918321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.248.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055219/; classtype:trojan-activity;sid:83918319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.184.135.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055218/; classtype:trojan-activity;sid:83918318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.91.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055217/; classtype:trojan-activity;sid:83918317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.97.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055216/; classtype:trojan-activity;sid:83918316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055215/; classtype:trojan-activity;sid:83918315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.176.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055214/; classtype:trojan-activity;sid:83918314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.166.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055213/; classtype:trojan-activity;sid:83918313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.110.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055212/; classtype:trojan-activity;sid:83918312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.38.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055210/; classtype:trojan-activity;sid:83918310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.52.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055211/; classtype:trojan-activity;sid:83918311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.50.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055209/; classtype:trojan-activity;sid:83918309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.242.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055207/; classtype:trojan-activity;sid:83918307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.97.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055208/; classtype:trojan-activity;sid:83918308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.97.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055205/; classtype:trojan-activity;sid:83918305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055206/; classtype:trojan-activity;sid:83918306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.10.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055204/; classtype:trojan-activity;sid:83918304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.23.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055203/; classtype:trojan-activity;sid:83918303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.109.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055202/; classtype:trojan-activity;sid:83918302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055200/; classtype:trojan-activity;sid:83918300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055201/; classtype:trojan-activity;sid:83918301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055199/; classtype:trojan-activity;sid:83918299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.70.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055197/; classtype:trojan-activity;sid:83918297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055198/; classtype:trojan-activity;sid:83918298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.4.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055196/; classtype:trojan-activity;sid:83918296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.11.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055194/; classtype:trojan-activity;sid:83918294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.183.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055195/; classtype:trojan-activity;sid:83918295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.81.220.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055193/; classtype:trojan-activity;sid:83918293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.221.58.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055192/; classtype:trojan-activity;sid:83918292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055191/; classtype:trojan-activity;sid:83918291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.208.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055190/; classtype:trojan-activity;sid:83918290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.1.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055188/; classtype:trojan-activity;sid:83918288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.184.135.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055189/; classtype:trojan-activity;sid:83918289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.97.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055187/; classtype:trojan-activity;sid:83918287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.239.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055186/; classtype:trojan-activity;sid:83918286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.222.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055185/; classtype:trojan-activity;sid:83918285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.6.211.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055184/; classtype:trojan-activity;sid:83918284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055183/; classtype:trojan-activity;sid:83918283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.235.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055181/; classtype:trojan-activity;sid:83918281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055182/; classtype:trojan-activity;sid:83918282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055180/; classtype:trojan-activity;sid:83918280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.52.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055179/; classtype:trojan-activity;sid:83918279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055178/; classtype:trojan-activity;sid:83918278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.110.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055177/; classtype:trojan-activity;sid:83918277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055176/; classtype:trojan-activity;sid:83918276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.53.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055175/; classtype:trojan-activity;sid:83918275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.240.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055174/; classtype:trojan-activity;sid:83918274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.137.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055173/; classtype:trojan-activity;sid:83918273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.183.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055172/; classtype:trojan-activity;sid:83918272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055171/; classtype:trojan-activity;sid:83918271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.43.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055170/; classtype:trojan-activity;sid:83918270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.20.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055169/; classtype:trojan-activity;sid:83918269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.226.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055168/; classtype:trojan-activity;sid:83918268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.206.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055167/; classtype:trojan-activity;sid:83918267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.11.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055166/; classtype:trojan-activity;sid:83918266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.81.220.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055165/; classtype:trojan-activity;sid:83918265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.198.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055163/; classtype:trojan-activity;sid:83918263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.237.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055164/; classtype:trojan-activity;sid:83918264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055162/; classtype:trojan-activity;sid:83918262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.204.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055161/; classtype:trojan-activity;sid:83918261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.152.227.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055158/; classtype:trojan-activity;sid:83918258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.96.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055159/; classtype:trojan-activity;sid:83918259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055160/; classtype:trojan-activity;sid:83918260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.179.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055156/; classtype:trojan-activity;sid:83918256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.206.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055157/; classtype:trojan-activity;sid:83918257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.212.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055155/; classtype:trojan-activity;sid:83918255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055154/; classtype:trojan-activity;sid:83918254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055153/; classtype:trojan-activity;sid:83918253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.156.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055151/; classtype:trojan-activity;sid:83918251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.151.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055152/; classtype:trojan-activity;sid:83918252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.247.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055149/; classtype:trojan-activity;sid:83918249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.172.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055150/; classtype:trojan-activity;sid:83918250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055148)"; flow:established,from_client; content:"GET"; http_method; content:"/git.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vps.onlinejudgments.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055148/; classtype:trojan-activity;sid:83918248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055147)"; flow:established,from_client; content:"GET"; http_method; content:"/git.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vps.onlinejudgments.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055147/; classtype:trojan-activity;sid:83918247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.81.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055146/; classtype:trojan-activity;sid:83918246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.190.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055145/; classtype:trojan-activity;sid:83918245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.222.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055144/; classtype:trojan-activity;sid:83918244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055142)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.171.181.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055142/; classtype:trojan-activity;sid:83918242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055143)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.171.181.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055143/; classtype:trojan-activity;sid:83918243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055140)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.171.181.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055140/; classtype:trojan-activity;sid:83918240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055141)"; flow:established,from_client; content:"GET"; http_method; content:"/git.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.171.181.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055141/; classtype:trojan-activity;sid:83918241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055136)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.onlinejudgments.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055136/; classtype:trojan-activity;sid:83918236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055137)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.onlinejudgments.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055137/; classtype:trojan-activity;sid:83918237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055138)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.onlinejudgments.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055138/; classtype:trojan-activity;sid:83918238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.137.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055132/; classtype:trojan-activity;sid:83918232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055133)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vps.onlinejudgments.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055133/; classtype:trojan-activity;sid:83918233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055134)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vps.onlinejudgments.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055134/; classtype:trojan-activity;sid:83918234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055135)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.onlinejudgments.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055135/; classtype:trojan-activity;sid:83918235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.56.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055130/; classtype:trojan-activity;sid:83918230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.166.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055129/; classtype:trojan-activity;sid:83918229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.243.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055128/; classtype:trojan-activity;sid:83918228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.228.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055127/; classtype:trojan-activity;sid:83918227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.137.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055126/; classtype:trojan-activity;sid:83918226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055124)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.171.181.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055124/; classtype:trojan-activity;sid:83918224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.211.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055125/; classtype:trojan-activity;sid:83918225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.209.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055123/; classtype:trojan-activity;sid:83918223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.164.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055122/; classtype:trojan-activity;sid:83918222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.43.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055121/; classtype:trojan-activity;sid:83918221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055120)"; flow:established,from_client; content:"GET"; http_method; content:"/jadu/rt.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"officialphoenix.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055120/; classtype:trojan-activity;sid:83918220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055119)"; flow:established,from_client; content:"GET"; http_method; content:"/jadu/si.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"officialphoenix.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055119/; classtype:trojan-activity;sid:83918219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.53.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055118/; classtype:trojan-activity;sid:83918218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.89.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055117/; classtype:trojan-activity;sid:83918217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.237.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055116/; classtype:trojan-activity;sid:83918216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.1.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055115/; classtype:trojan-activity;sid:83918215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055111)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/i.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mailservicess.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055111/; classtype:trojan-activity;sid:83918211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055112)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/in.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mailservicess.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055112/; classtype:trojan-activity;sid:83918212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055113)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/i.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mailservicess.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055113/; classtype:trojan-activity;sid:83918213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055114)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/in.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mailservicess.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055114/; classtype:trojan-activity;sid:83918214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055103)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/i.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.5.212.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055103/; classtype:trojan-activity;sid:83918203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055104)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/in.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"194.5.212.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055104/; classtype:trojan-activity;sid:83918204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055105)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/in.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"194.5.212.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055105/; classtype:trojan-activity;sid:83918205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055106)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"194.5.212.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055106/; classtype:trojan-activity;sid:83918206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055107)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"194.5.212.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055107/; classtype:trojan-activity;sid:83918207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055108)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mailservicess.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055108/; classtype:trojan-activity;sid:83918208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055109)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/i.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.5.212.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055109/; classtype:trojan-activity;sid:83918209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055110)"; flow:established,from_client; content:"GET"; http_method; content:"/res/data/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mailservicess.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055110/; classtype:trojan-activity;sid:83918210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.206.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055102/; classtype:trojan-activity;sid:83918202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.112.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055101/; classtype:trojan-activity;sid:83918201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.43.109.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055100/; classtype:trojan-activity;sid:83918200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.8.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055099/; classtype:trojan-activity;sid:83918199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055098/; classtype:trojan-activity;sid:83918198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.197.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055097/; classtype:trojan-activity;sid:83918197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055096/; classtype:trojan-activity;sid:83918196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.99.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055095/; classtype:trojan-activity;sid:83918195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.209.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055094/; classtype:trojan-activity;sid:83918194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055092/; classtype:trojan-activity;sid:83918192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.224.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055093/; classtype:trojan-activity;sid:83918193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.164.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055091/; classtype:trojan-activity;sid:83918191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055090/; classtype:trojan-activity;sid:83918190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.229.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055088/; classtype:trojan-activity;sid:83918188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.96.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055089/; classtype:trojan-activity;sid:83918189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.119.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055087/; classtype:trojan-activity;sid:83918187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.167.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055086/; classtype:trojan-activity;sid:83918186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055085)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055085/; classtype:trojan-activity;sid:83918185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.27.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055084/; classtype:trojan-activity;sid:83918184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.53.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055083/; classtype:trojan-activity;sid:83918183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055077)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055077/; classtype:trojan-activity;sid:83918177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055078)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055078/; classtype:trojan-activity;sid:83918178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055079)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055079/; classtype:trojan-activity;sid:83918179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055080)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055080/; classtype:trojan-activity;sid:83918180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055081)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055081/; classtype:trojan-activity;sid:83918181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055082)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055082/; classtype:trojan-activity;sid:83918182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.103.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055073/; classtype:trojan-activity;sid:83918173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055074)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055074/; classtype:trojan-activity;sid:83918174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055075)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055075/; classtype:trojan-activity;sid:83918175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055076)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055076/; classtype:trojan-activity;sid:83918176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055072)"; flow:established,from_client; content:"GET"; http_method; content:"/data-package/6zmmkrzl/download/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"filetransfer.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055072/; classtype:trojan-activity;sid:83918172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.39.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055071/; classtype:trojan-activity;sid:83918171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.207.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055070/; classtype:trojan-activity;sid:83918170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.26.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055069/; classtype:trojan-activity;sid:83918169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.89.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055068/; classtype:trojan-activity;sid:83918168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.112.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055067/; classtype:trojan-activity;sid:83918167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.99.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055066/; classtype:trojan-activity;sid:83918166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.172.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055065/; classtype:trojan-activity;sid:83918165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055064/; classtype:trojan-activity;sid:83918164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.8.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055063/; classtype:trojan-activity;sid:83918163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.197.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055061/; classtype:trojan-activity;sid:83918161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055062/; classtype:trojan-activity;sid:83918162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.207.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055060/; classtype:trojan-activity;sid:83918160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.61.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055059/; classtype:trojan-activity;sid:83918159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.244.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055058/; classtype:trojan-activity;sid:83918158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.10.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055057/; classtype:trojan-activity;sid:83918157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.205.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055056/; classtype:trojan-activity;sid:83918156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055055/; classtype:trojan-activity;sid:83918155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055054/; classtype:trojan-activity;sid:83918154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.103.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055052/; classtype:trojan-activity;sid:83918152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055053/; classtype:trojan-activity;sid:83918153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.254.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055051/; classtype:trojan-activity;sid:83918151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055049/; classtype:trojan-activity;sid:83918149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055050/; classtype:trojan-activity;sid:83918150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.146.233.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055046/; classtype:trojan-activity;sid:83918146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055047/; classtype:trojan-activity;sid:83918147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055048/; classtype:trojan-activity;sid:83918148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.27.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055045/; classtype:trojan-activity;sid:83918145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.39.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055044/; classtype:trojan-activity;sid:83918144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.42.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055043/; classtype:trojan-activity;sid:83918143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.217.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055042/; classtype:trojan-activity;sid:83918142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.10.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055041/; classtype:trojan-activity;sid:83918141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.39.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055040/; classtype:trojan-activity;sid:83918140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055039/; classtype:trojan-activity;sid:83918139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055038/; classtype:trojan-activity;sid:83918138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.167.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055037/; classtype:trojan-activity;sid:83918137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.218.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055036/; classtype:trojan-activity;sid:83918136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.38.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055035/; classtype:trojan-activity;sid:83918135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.205.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055034/; classtype:trojan-activity;sid:83918134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.61.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055033/; classtype:trojan-activity;sid:83918133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055032/; classtype:trojan-activity;sid:83918132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.143.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055031/; classtype:trojan-activity;sid:83918131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.75.157.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055030/; classtype:trojan-activity;sid:83918130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.113.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055029/; classtype:trojan-activity;sid:83918129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.175.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055026/; classtype:trojan-activity;sid:83918126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.38.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055027/; classtype:trojan-activity;sid:83918127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.230.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055028/; classtype:trojan-activity;sid:83918128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.239.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055025/; classtype:trojan-activity;sid:83918125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.124.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055024/; classtype:trojan-activity;sid:83918124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055023/; classtype:trojan-activity;sid:83918123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055022/; classtype:trojan-activity;sid:83918122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.10.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055021/; classtype:trojan-activity;sid:83918121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.73.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055020/; classtype:trojan-activity;sid:83918120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055019/; classtype:trojan-activity;sid:83918119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055018/; classtype:trojan-activity;sid:83918118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055017)"; flow:established,from_client; content:"GET"; http_method; content:"/doc869877400_678925578|3f|hash=kfavzvdbprtr0s0ogwdhudifzjrzfd1jlaw8ggsxfb0|7c|26|7c|dl=iyjfsmudspmrorkb1yrqcefycepzq9iedxxtknppm9p|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055017/; classtype:trojan-activity;sid:83918117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055016/; classtype:trojan-activity;sid:83918116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.17.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055015/; classtype:trojan-activity;sid:83918115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.124.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055014/; classtype:trojan-activity;sid:83918114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055013/; classtype:trojan-activity;sid:83918113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055012/; classtype:trojan-activity;sid:83918112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.17.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055010/; classtype:trojan-activity;sid:83918110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.83.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055011/; classtype:trojan-activity;sid:83918111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.244.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055009/; classtype:trojan-activity;sid:83918109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055008/; classtype:trojan-activity;sid:83918108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.242.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055007/; classtype:trojan-activity;sid:83918107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055006/; classtype:trojan-activity;sid:83918106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.4.161.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055005/; classtype:trojan-activity;sid:83918105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055004/; classtype:trojan-activity;sid:83918104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.33.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055003/; classtype:trojan-activity;sid:83918103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.232.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055002/; classtype:trojan-activity;sid:83918102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.175.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055001/; classtype:trojan-activity;sid:83918101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3055000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3055000/; classtype:trojan-activity;sid:83918100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.249.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054999/; classtype:trojan-activity;sid:83918099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.234.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054998/; classtype:trojan-activity;sid:83918098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054997/; classtype:trojan-activity;sid:83918097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054995/; classtype:trojan-activity;sid:83918095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.242.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054996/; classtype:trojan-activity;sid:83918096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054994/; classtype:trojan-activity;sid:83918094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054992/; classtype:trojan-activity;sid:83918092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.11.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054993/; classtype:trojan-activity;sid:83918093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.23.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054991/; classtype:trojan-activity;sid:83918091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.218.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054990/; classtype:trojan-activity;sid:83918090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.3.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054989/; classtype:trojan-activity;sid:83918089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.119.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054988/; classtype:trojan-activity;sid:83918088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.205.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054986/; classtype:trojan-activity;sid:83918086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.91.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054987/; classtype:trojan-activity;sid:83918087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.17.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054985/; classtype:trojan-activity;sid:83918085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.42.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054984/; classtype:trojan-activity;sid:83918084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.184.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054983/; classtype:trojan-activity;sid:83918083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.4.161.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054982/; classtype:trojan-activity;sid:83918082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.11.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054981/; classtype:trojan-activity;sid:83918081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.150.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054980/; classtype:trojan-activity;sid:83918080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.228.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054979/; classtype:trojan-activity;sid:83918079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.138.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054978/; classtype:trojan-activity;sid:83918078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.29.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054977/; classtype:trojan-activity;sid:83918077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.33.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054976/; classtype:trojan-activity;sid:83918076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054975/; classtype:trojan-activity;sid:83918075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.119.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054974/; classtype:trojan-activity;sid:83918074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.136.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054973/; classtype:trojan-activity;sid:83918073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.91.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054972/; classtype:trojan-activity;sid:83918072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.222.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054971/; classtype:trojan-activity;sid:83918071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.149.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054970/; classtype:trojan-activity;sid:83918070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.115.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054969/; classtype:trojan-activity;sid:83918069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.253.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054967/; classtype:trojan-activity;sid:83918067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054968/; classtype:trojan-activity;sid:83918068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.233.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054966/; classtype:trojan-activity;sid:83918066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.218.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054964/; classtype:trojan-activity;sid:83918064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054965/; classtype:trojan-activity;sid:83918065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054963/; classtype:trojan-activity;sid:83918063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.184.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054962/; classtype:trojan-activity;sid:83918062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.229.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054961/; classtype:trojan-activity;sid:83918061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.235.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054960/; classtype:trojan-activity;sid:83918060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.232.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054959/; classtype:trojan-activity;sid:83918059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.205.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054958/; classtype:trojan-activity;sid:83918058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.86.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054957/; classtype:trojan-activity;sid:83918057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.253.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054956/; classtype:trojan-activity;sid:83918056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.135.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054953/; classtype:trojan-activity;sid:83918053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.94.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054954/; classtype:trojan-activity;sid:83918054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054955/; classtype:trojan-activity;sid:83918055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.250.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054952/; classtype:trojan-activity;sid:83918052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.228.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054950/; classtype:trojan-activity;sid:83918050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.230.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054951/; classtype:trojan-activity;sid:83918051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.250.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054948/; classtype:trojan-activity;sid:83918048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.78.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054949/; classtype:trojan-activity;sid:83918049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.9.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054947/; classtype:trojan-activity;sid:83918047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.76.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054946/; classtype:trojan-activity;sid:83918046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054945/; classtype:trojan-activity;sid:83918045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054943/; classtype:trojan-activity;sid:83918043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054944/; classtype:trojan-activity;sid:83918044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.253.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054942/; classtype:trojan-activity;sid:83918042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054941/; classtype:trojan-activity;sid:83918041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.16.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054940/; classtype:trojan-activity;sid:83918040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.253.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054939/; classtype:trojan-activity;sid:83918039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.222.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054936/; classtype:trojan-activity;sid:83918036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.222.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054937/; classtype:trojan-activity;sid:83918037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.29.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054938/; classtype:trojan-activity;sid:83918038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.136.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054935/; classtype:trojan-activity;sid:83918035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.149.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054934/; classtype:trojan-activity;sid:83918034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.122.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054933/; classtype:trojan-activity;sid:83918033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.119.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054932/; classtype:trojan-activity;sid:83918032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.151.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054931/; classtype:trojan-activity;sid:83918031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.202.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054930/; classtype:trojan-activity;sid:83918030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054929/; classtype:trojan-activity;sid:83918029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054928/; classtype:trojan-activity;sid:83918028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054926/; classtype:trojan-activity;sid:83918026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.142.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054927/; classtype:trojan-activity;sid:83918027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.223.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054925/; classtype:trojan-activity;sid:83918025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.229.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054924/; classtype:trojan-activity;sid:83918024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.164.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054923/; classtype:trojan-activity;sid:83918023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.10.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054922/; classtype:trojan-activity;sid:83918022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.254.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054921/; classtype:trojan-activity;sid:83918021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.86.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054920/; classtype:trojan-activity;sid:83918020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.228.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054919/; classtype:trojan-activity;sid:83918019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.21.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054918/; classtype:trojan-activity;sid:83918018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054917/; classtype:trojan-activity;sid:83918017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054916/; classtype:trojan-activity;sid:83918016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.30.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054915/; classtype:trojan-activity;sid:83918015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.140.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054914/; classtype:trojan-activity;sid:83918014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.128.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054913/; classtype:trojan-activity;sid:83918013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.16.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054912/; classtype:trojan-activity;sid:83918012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.146.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054910/; classtype:trojan-activity;sid:83918010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.25.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054911/; classtype:trojan-activity;sid:83918011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054909/; classtype:trojan-activity;sid:83918009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.164.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054908/; classtype:trojan-activity;sid:83918008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054907/; classtype:trojan-activity;sid:83918007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.58.37.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054906/; classtype:trojan-activity;sid:83918006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.240.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054905/; classtype:trojan-activity;sid:83918005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.240.38.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054904/; classtype:trojan-activity;sid:83918004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.168.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054903/; classtype:trojan-activity;sid:83918003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.219.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054902/; classtype:trojan-activity;sid:83918002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054901/; classtype:trojan-activity;sid:83918001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.254.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054900/; classtype:trojan-activity;sid:83918000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.244.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054899/; classtype:trojan-activity;sid:83917999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.92.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054898/; classtype:trojan-activity;sid:83917998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.175.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054897/; classtype:trojan-activity;sid:83917997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.196.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054896/; classtype:trojan-activity;sid:83917996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.173.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054895/; classtype:trojan-activity;sid:83917995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.151.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054894/; classtype:trojan-activity;sid:83917994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.147.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054893/; classtype:trojan-activity;sid:83917993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.59.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054892/; classtype:trojan-activity;sid:83917992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054890/; classtype:trojan-activity;sid:83917990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.203.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054891/; classtype:trojan-activity;sid:83917991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.2.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054889/; classtype:trojan-activity;sid:83917989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054888)"; flow:established,from_client; content:"GET"; http_method; content:"/bolonetwork.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"15.235.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054888/; classtype:trojan-activity;sid:83917988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054887/; classtype:trojan-activity;sid:83917987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.186.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054886/; classtype:trojan-activity;sid:83917986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.98.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054885/; classtype:trojan-activity;sid:83917985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.245.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054883/; classtype:trojan-activity;sid:83917983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.25.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054884/; classtype:trojan-activity;sid:83917984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.104.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054882/; classtype:trojan-activity;sid:83917982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.224.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054879/; classtype:trojan-activity;sid:83917979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.83.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054880/; classtype:trojan-activity;sid:83917980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.134.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054881/; classtype:trojan-activity;sid:83917981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.254.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054878/; classtype:trojan-activity;sid:83917978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054877/; classtype:trojan-activity;sid:83917977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054876/; classtype:trojan-activity;sid:83917976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.75.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054875/; classtype:trojan-activity;sid:83917975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.33.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054872/; classtype:trojan-activity;sid:83917972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054873/; classtype:trojan-activity;sid:83917973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054874/; classtype:trojan-activity;sid:83917974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.245.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054867/; classtype:trojan-activity;sid:83917967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.21.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054868/; classtype:trojan-activity;sid:83917968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054869/; classtype:trojan-activity;sid:83917969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054870/; classtype:trojan-activity;sid:83917970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.147.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054871/; classtype:trojan-activity;sid:83917971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.165.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054866/; classtype:trojan-activity;sid:83917966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054865/; classtype:trojan-activity;sid:83917965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.186.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054863/; classtype:trojan-activity;sid:83917963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.75.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054864/; classtype:trojan-activity;sid:83917964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.203.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054862/; classtype:trojan-activity;sid:83917962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.98.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054861/; classtype:trojan-activity;sid:83917961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.104.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054860/; classtype:trojan-activity;sid:83917960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.230.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054859/; classtype:trojan-activity;sid:83917959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.254.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054858/; classtype:trojan-activity;sid:83917958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.224.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054857/; classtype:trojan-activity;sid:83917957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.26.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054856/; classtype:trojan-activity;sid:83917956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.189.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054855/; classtype:trojan-activity;sid:83917955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.92.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054853/; classtype:trojan-activity;sid:83917953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.33.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054854/; classtype:trojan-activity;sid:83917954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.209.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054852/; classtype:trojan-activity;sid:83917952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.131.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054850/; classtype:trojan-activity;sid:83917950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054851)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669bd79ba7b76_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054851/; classtype:trojan-activity;sid:83917951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.219.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054849/; classtype:trojan-activity;sid:83917949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.21.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054848/; classtype:trojan-activity;sid:83917948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054847/; classtype:trojan-activity;sid:83917947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.103.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054846/; classtype:trojan-activity;sid:83917946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.239.38.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054844/; classtype:trojan-activity;sid:83917944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.4.198.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054845/; classtype:trojan-activity;sid:83917945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.131.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054843/; classtype:trojan-activity;sid:83917943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054842/; classtype:trojan-activity;sid:83917942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.15.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054841/; classtype:trojan-activity;sid:83917941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054838/; classtype:trojan-activity;sid:83917938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.203.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054839/; classtype:trojan-activity;sid:83917939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054840/; classtype:trojan-activity;sid:83917940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054837)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.234.128.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054837/; classtype:trojan-activity;sid:83917937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.249.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054836/; classtype:trojan-activity;sid:83917936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.205.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054835/; classtype:trojan-activity;sid:83917935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054834/; classtype:trojan-activity;sid:83917934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.218.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054833/; classtype:trojan-activity;sid:83917933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.139.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054832/; classtype:trojan-activity;sid:83917932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.229.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054831/; classtype:trojan-activity;sid:83917931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.26.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054830/; classtype:trojan-activity;sid:83917930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.197.28.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054829/; classtype:trojan-activity;sid:83917929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.138.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054828/; classtype:trojan-activity;sid:83917928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.219.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054827/; classtype:trojan-activity;sid:83917927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.43.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054826/; classtype:trojan-activity;sid:83917926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.50.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054825/; classtype:trojan-activity;sid:83917925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.81.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054824/; classtype:trojan-activity;sid:83917924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.44.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054823/; classtype:trojan-activity;sid:83917923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054822/; classtype:trojan-activity;sid:83917922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.236.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054821/; classtype:trojan-activity;sid:83917921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.249.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054819/; classtype:trojan-activity;sid:83917919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.205.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054820/; classtype:trojan-activity;sid:83917920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.28.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054818/; classtype:trojan-activity;sid:83917918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.54.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054817/; classtype:trojan-activity;sid:83917917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054816/; classtype:trojan-activity;sid:83917916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.132.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054815/; classtype:trojan-activity;sid:83917915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.150.140.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054814/; classtype:trojan-activity;sid:83917914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054813/; classtype:trojan-activity;sid:83917913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.138.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054812/; classtype:trojan-activity;sid:83917912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.129.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054811/; classtype:trojan-activity;sid:83917911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.56.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054810/; classtype:trojan-activity;sid:83917910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.39.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054809/; classtype:trojan-activity;sid:83917909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.160.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054808/; classtype:trojan-activity;sid:83917908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054807/; classtype:trojan-activity;sid:83917907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054806/; classtype:trojan-activity;sid:83917906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.211.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054805/; classtype:trojan-activity;sid:83917905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.199.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054804/; classtype:trojan-activity;sid:83917904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.14.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054803/; classtype:trojan-activity;sid:83917903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.197.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054802/; classtype:trojan-activity;sid:83917902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.139.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054801/; classtype:trojan-activity;sid:83917901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054800/; classtype:trojan-activity;sid:83917900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.165.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054799/; classtype:trojan-activity;sid:83917899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.43.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054797/; classtype:trojan-activity;sid:83917897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054798/; classtype:trojan-activity;sid:83917898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.62.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054796/; classtype:trojan-activity;sid:83917896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.104.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054795/; classtype:trojan-activity;sid:83917895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054794/; classtype:trojan-activity;sid:83917894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.111.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054793/; classtype:trojan-activity;sid:83917893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054792/; classtype:trojan-activity;sid:83917892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.195.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054791/; classtype:trojan-activity;sid:83917891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.54.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054790/; classtype:trojan-activity;sid:83917890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.66.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054789/; classtype:trojan-activity;sid:83917889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.241.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054788/; classtype:trojan-activity;sid:83917888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054787/; classtype:trojan-activity;sid:83917887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.83.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054786/; classtype:trojan-activity;sid:83917886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.211.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054785/; classtype:trojan-activity;sid:83917885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.29.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054784/; classtype:trojan-activity;sid:83917884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.150.140.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054782/; classtype:trojan-activity;sid:83917882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.143.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054783/; classtype:trojan-activity;sid:83917883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.251.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054781/; classtype:trojan-activity;sid:83917881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054779/; classtype:trojan-activity;sid:83917879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.227.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054780/; classtype:trojan-activity;sid:83917880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.44.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054778/; classtype:trojan-activity;sid:83917878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054776/; classtype:trojan-activity;sid:83917876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054777/; classtype:trojan-activity;sid:83917877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.114.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054773/; classtype:trojan-activity;sid:83917873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.205.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054774/; classtype:trojan-activity;sid:83917874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.252.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054775/; classtype:trojan-activity;sid:83917875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.3.105"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054772/; classtype:trojan-activity;sid:83917872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054771/; classtype:trojan-activity;sid:83917871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.139.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054770/; classtype:trojan-activity;sid:83917870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054769/; classtype:trojan-activity;sid:83917869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054767)"; flow:established,from_client; content:"GET"; http_method; content:"/distribute/.4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.194.32.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054767/; classtype:trojan-activity;sid:83917867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.133.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054768/; classtype:trojan-activity;sid:83917868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.103.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054766/; classtype:trojan-activity;sid:83917866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.25.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054765/; classtype:trojan-activity;sid:83917865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.113.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054763/; classtype:trojan-activity;sid:83917863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.172.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054764/; classtype:trojan-activity;sid:83917864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054762/; classtype:trojan-activity;sid:83917862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054761/; classtype:trojan-activity;sid:83917861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.143.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054760/; classtype:trojan-activity;sid:83917860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.210.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054759/; classtype:trojan-activity;sid:83917859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.166.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054758/; classtype:trojan-activity;sid:83917858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.41.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054756/; classtype:trojan-activity;sid:83917856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.83.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054757/; classtype:trojan-activity;sid:83917857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054755/; classtype:trojan-activity;sid:83917855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.66.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054754/; classtype:trojan-activity;sid:83917854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.122.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054753/; classtype:trojan-activity;sid:83917853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.93.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054752/; classtype:trojan-activity;sid:83917852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.197.172.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054751/; classtype:trojan-activity;sid:83917851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.91.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054750/; classtype:trojan-activity;sid:83917850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054748/; classtype:trojan-activity;sid:83917848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.41.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054749/; classtype:trojan-activity;sid:83917849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.25.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054747/; classtype:trojan-activity;sid:83917847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.178.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054746/; classtype:trojan-activity;sid:83917846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.172.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054745/; classtype:trojan-activity;sid:83917845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.251.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054744/; classtype:trojan-activity;sid:83917844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.172.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054742/; classtype:trojan-activity;sid:83917842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.113.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054743/; classtype:trojan-activity;sid:83917843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.220.162.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054741/; classtype:trojan-activity;sid:83917841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.126.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054738/; classtype:trojan-activity;sid:83917838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054739/; classtype:trojan-activity;sid:83917839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054740/; classtype:trojan-activity;sid:83917840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.200.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054737/; classtype:trojan-activity;sid:83917837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.107.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054735/; classtype:trojan-activity;sid:83917835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054736/; classtype:trojan-activity;sid:83917836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.244.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054734/; classtype:trojan-activity;sid:83917834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.122.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054733/; classtype:trojan-activity;sid:83917833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.87.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054731/; classtype:trojan-activity;sid:83917831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.83.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054732/; classtype:trojan-activity;sid:83917832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054730/; classtype:trojan-activity;sid:83917830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.93.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054729/; classtype:trojan-activity;sid:83917829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054728/; classtype:trojan-activity;sid:83917828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.215.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054727/; classtype:trojan-activity;sid:83917827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.207.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054726/; classtype:trojan-activity;sid:83917826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.179.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054725/; classtype:trojan-activity;sid:83917825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.172.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054724/; classtype:trojan-activity;sid:83917824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.237.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054723/; classtype:trojan-activity;sid:83917823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.249.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054722/; classtype:trojan-activity;sid:83917822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.102"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054721/; classtype:trojan-activity;sid:83917821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.87.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054720/; classtype:trojan-activity;sid:83917820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054719/; classtype:trojan-activity;sid:83917819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.172.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054718/; classtype:trojan-activity;sid:83917818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.171.168.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054717/; classtype:trojan-activity;sid:83917817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054716)"; flow:established,from_client; content:"GET"; http_method; content:"/win10pe%cd%abiso%a5%c1%a4%b1%a6%a6%ce%a6%c1%a2%cb%a6+%a6%a6%f1%a5%af.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"vps-zap471309-6.zap-srv.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054716/; classtype:trojan-activity;sid:83917816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054715)"; flow:established,from_client; content:"GET"; http_method; content:"/win10pe%cd%abiso%a5%c1%a4%b1%cd%e3%ce%b8%c1%a2u+%a6%a6%f1%a5%af.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"vps-zap471309-6.zap-srv.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054715/; classtype:trojan-activity;sid:83917815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054713/; classtype:trojan-activity;sid:83917813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054714/; classtype:trojan-activity;sid:83917814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.61.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054712/; classtype:trojan-activity;sid:83917812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054710/; classtype:trojan-activity;sid:83917810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054711/; classtype:trojan-activity;sid:83917811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054708/; classtype:trojan-activity;sid:83917808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.205.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054709/; classtype:trojan-activity;sid:83917809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.150.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054707/; classtype:trojan-activity;sid:83917807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054706)"; flow:established,from_client; content:"GET"; http_method; content:"/win10pe%cd%abiso%a5%c1%a4%b1%cd%e3%ce%b8%c1%a2u+%a6%a6%f1%a5%af.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"92.42.45.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054706/; classtype:trojan-activity;sid:83917806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054705)"; flow:established,from_client; content:"GET"; http_method; content:"/win10pe%cd%abiso%a5%c1%a4%b1%a6%a6%ce%a6%c1%a2%cb%a6+%a6%a6%f1%a5%af.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"92.42.45.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054705/; classtype:trojan-activity;sid:83917805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.244.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054704/; classtype:trojan-activity;sid:83917804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.42.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054703/; classtype:trojan-activity;sid:83917803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.79.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054702/; classtype:trojan-activity;sid:83917802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054701/; classtype:trojan-activity;sid:83917801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.253.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054700/; classtype:trojan-activity;sid:83917800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.94.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054699/; classtype:trojan-activity;sid:83917799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.91.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054698/; classtype:trojan-activity;sid:83917798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.144.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054697/; classtype:trojan-activity;sid:83917797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.13.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054696/; classtype:trojan-activity;sid:83917796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054695/; classtype:trojan-activity;sid:83917795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054694/; classtype:trojan-activity;sid:83917794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054692/; classtype:trojan-activity;sid:83917792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.95.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054693/; classtype:trojan-activity;sid:83917793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.194.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054690/; classtype:trojan-activity;sid:83917790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054691/; classtype:trojan-activity;sid:83917791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.21.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054689/; classtype:trojan-activity;sid:83917789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.127.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054688/; classtype:trojan-activity;sid:83917788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.194.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054687/; classtype:trojan-activity;sid:83917787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.87.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054686/; classtype:trojan-activity;sid:83917786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.138.12.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054685/; classtype:trojan-activity;sid:83917785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.212.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054684/; classtype:trojan-activity;sid:83917784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.171.168.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054683/; classtype:trojan-activity;sid:83917783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.131.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054682/; classtype:trojan-activity;sid:83917782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054681/; classtype:trojan-activity;sid:83917781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.148.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054680/; classtype:trojan-activity;sid:83917780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054679/; classtype:trojan-activity;sid:83917779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.4.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054678/; classtype:trojan-activity;sid:83917778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.88.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054676/; classtype:trojan-activity;sid:83917776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.89.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054677/; classtype:trojan-activity;sid:83917777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.127.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054674/; classtype:trojan-activity;sid:83917774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.194.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054675/; classtype:trojan-activity;sid:83917775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054673/; classtype:trojan-activity;sid:83917773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.240.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054672/; classtype:trojan-activity;sid:83917772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.24.54.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054671/; classtype:trojan-activity;sid:83917771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.245.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054670/; classtype:trojan-activity;sid:83917770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.194.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054666/; classtype:trojan-activity;sid:83917766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.194.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054667/; classtype:trojan-activity;sid:83917767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054668/; classtype:trojan-activity;sid:83917768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.133.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054669/; classtype:trojan-activity;sid:83917769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054665/; classtype:trojan-activity;sid:83917765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054657)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054657/; classtype:trojan-activity;sid:83917757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054658)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054658/; classtype:trojan-activity;sid:83917758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054659)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054659/; classtype:trojan-activity;sid:83917759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054660)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054660/; classtype:trojan-activity;sid:83917760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054661)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054661/; classtype:trojan-activity;sid:83917761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054662)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054662/; classtype:trojan-activity;sid:83917762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054663)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054663/; classtype:trojan-activity;sid:83917763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.93.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054664/; classtype:trojan-activity;sid:83917764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.184.36.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054655/; classtype:trojan-activity;sid:83917755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.81.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054656/; classtype:trojan-activity;sid:83917756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.172.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054653/; classtype:trojan-activity;sid:83917753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.148.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054654/; classtype:trojan-activity;sid:83917754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.169.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054652/; classtype:trojan-activity;sid:83917752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.131.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054651/; classtype:trojan-activity;sid:83917751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.163.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054650/; classtype:trojan-activity;sid:83917750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.173.58.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054649/; classtype:trojan-activity;sid:83917749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.60.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054648/; classtype:trojan-activity;sid:83917748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.116.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054647/; classtype:trojan-activity;sid:83917747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.194.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054646/; classtype:trojan-activity;sid:83917746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.25.183.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054645/; classtype:trojan-activity;sid:83917745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.172.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054644/; classtype:trojan-activity;sid:83917744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.54.213.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054643/; classtype:trojan-activity;sid:83917743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.119.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054642/; classtype:trojan-activity;sid:83917742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054641/; classtype:trojan-activity;sid:83917741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.233.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054640/; classtype:trojan-activity;sid:83917740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054639/; classtype:trojan-activity;sid:83917739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.3.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054638/; classtype:trojan-activity;sid:83917738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.101.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054636/; classtype:trojan-activity;sid:83917736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.183.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054637/; classtype:trojan-activity;sid:83917737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.88.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054635/; classtype:trojan-activity;sid:83917735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.50.245.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054633/; classtype:trojan-activity;sid:83917733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.151.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054634/; classtype:trojan-activity;sid:83917734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.88.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054632/; classtype:trojan-activity;sid:83917732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.158.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054629/; classtype:trojan-activity;sid:83917729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.59.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054630/; classtype:trojan-activity;sid:83917730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.60.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054631/; classtype:trojan-activity;sid:83917731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.169.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054628/; classtype:trojan-activity;sid:83917728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.35.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054627/; classtype:trojan-activity;sid:83917727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.171.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054626/; classtype:trojan-activity;sid:83917726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.137.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054625/; classtype:trojan-activity;sid:83917725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.177.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054624/; classtype:trojan-activity;sid:83917724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.110.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054623/; classtype:trojan-activity;sid:83917723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.50.245.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054621/; classtype:trojan-activity;sid:83917721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.92.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054622/; classtype:trojan-activity;sid:83917722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.86.112.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054620/; classtype:trojan-activity;sid:83917720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.59.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054619/; classtype:trojan-activity;sid:83917719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.151.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054618/; classtype:trojan-activity;sid:83917718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.81.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054616/; classtype:trojan-activity;sid:83917716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.110.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054617/; classtype:trojan-activity;sid:83917717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.223.24.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054615/; classtype:trojan-activity;sid:83917715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054612/; classtype:trojan-activity;sid:83917712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.1.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054613/; classtype:trojan-activity;sid:83917713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.16.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054614/; classtype:trojan-activity;sid:83917714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.202.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054611/; classtype:trojan-activity;sid:83917711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.3.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054610/; classtype:trojan-activity;sid:83917710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.26.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054609/; classtype:trojan-activity;sid:83917709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.88.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054607/; classtype:trojan-activity;sid:83917707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054608/; classtype:trojan-activity;sid:83917708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054606/; classtype:trojan-activity;sid:83917706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.205.22.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054605/; classtype:trojan-activity;sid:83917705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054604/; classtype:trojan-activity;sid:83917704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.119.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054603/; classtype:trojan-activity;sid:83917703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.161.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054602/; classtype:trojan-activity;sid:83917702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.102.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054601/; classtype:trojan-activity;sid:83917701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.101.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054600/; classtype:trojan-activity;sid:83917700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.186.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054599/; classtype:trojan-activity;sid:83917699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.177.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054597/; classtype:trojan-activity;sid:83917697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.137.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054598/; classtype:trojan-activity;sid:83917698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.54.213.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054595/; classtype:trojan-activity;sid:83917695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.39.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054596/; classtype:trojan-activity;sid:83917696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.111.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054594/; classtype:trojan-activity;sid:83917694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054593/; classtype:trojan-activity;sid:83917693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054592/; classtype:trojan-activity;sid:83917692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.8.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054591/; classtype:trojan-activity;sid:83917691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.212.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054590/; classtype:trojan-activity;sid:83917690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.81.167"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054589/; classtype:trojan-activity;sid:83917689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.83.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054586/; classtype:trojan-activity;sid:83917686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.55.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054587/; classtype:trojan-activity;sid:83917687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.112.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054588/; classtype:trojan-activity;sid:83917688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.1.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054585/; classtype:trojan-activity;sid:83917685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.59.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054584/; classtype:trojan-activity;sid:83917684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.202.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054583/; classtype:trojan-activity;sid:83917683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.16.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054582/; classtype:trojan-activity;sid:83917682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.215.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054580/; classtype:trojan-activity;sid:83917680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054581/; classtype:trojan-activity;sid:83917681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.189.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054578/; classtype:trojan-activity;sid:83917678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.81.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054579/; classtype:trojan-activity;sid:83917679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.93.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054577/; classtype:trojan-activity;sid:83917677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.186.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054576/; classtype:trojan-activity;sid:83917676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054574/; classtype:trojan-activity;sid:83917674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.215.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054575/; classtype:trojan-activity;sid:83917675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054573/; classtype:trojan-activity;sid:83917673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.18.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054572/; classtype:trojan-activity;sid:83917672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.126.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054571/; classtype:trojan-activity;sid:83917671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054570/; classtype:trojan-activity;sid:83917670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054569/; classtype:trojan-activity;sid:83917669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.123.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054568/; classtype:trojan-activity;sid:83917668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054567/; classtype:trojan-activity;sid:83917667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.84.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054566/; classtype:trojan-activity;sid:83917666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.71.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054565/; classtype:trojan-activity;sid:83917665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.110.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054564/; classtype:trojan-activity;sid:83917664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.39.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054563/; classtype:trojan-activity;sid:83917663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054562/; classtype:trojan-activity;sid:83917662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.239.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054561/; classtype:trojan-activity;sid:83917661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054560/; classtype:trojan-activity;sid:83917660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054559/; classtype:trojan-activity;sid:83917659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054558/; classtype:trojan-activity;sid:83917658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.73.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054557/; classtype:trojan-activity;sid:83917657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054556/; classtype:trojan-activity;sid:83917656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.40.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054555/; classtype:trojan-activity;sid:83917655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.47.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054553/; classtype:trojan-activity;sid:83917653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.20.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054554/; classtype:trojan-activity;sid:83917654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.169.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054551/; classtype:trojan-activity;sid:83917651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.138.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054552/; classtype:trojan-activity;sid:83917652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.0.245.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054550/; classtype:trojan-activity;sid:83917650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.179.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054548/; classtype:trojan-activity;sid:83917648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.81.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054549/; classtype:trojan-activity;sid:83917649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.184.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054547/; classtype:trojan-activity;sid:83917647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.120.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054546/; classtype:trojan-activity;sid:83917646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.220.162.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054545/; classtype:trojan-activity;sid:83917645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.95.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054544/; classtype:trojan-activity;sid:83917644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.18.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054543/; classtype:trojan-activity;sid:83917643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054542/; classtype:trojan-activity;sid:83917642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.25.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054541/; classtype:trojan-activity;sid:83917641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.57.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054537/; classtype:trojan-activity;sid:83917637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054538/; classtype:trojan-activity;sid:83917638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054539/; classtype:trojan-activity;sid:83917639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054540/; classtype:trojan-activity;sid:83917640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.77.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054536/; classtype:trojan-activity;sid:83917636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.84.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054535/; classtype:trojan-activity;sid:83917635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054534/; classtype:trojan-activity;sid:83917634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.121.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054533/; classtype:trojan-activity;sid:83917633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.179.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054532/; classtype:trojan-activity;sid:83917632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.162.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054531/; classtype:trojan-activity;sid:83917631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054530/; classtype:trojan-activity;sid:83917630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.248.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054529/; classtype:trojan-activity;sid:83917629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.84.253.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054528/; classtype:trojan-activity;sid:83917628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.254.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054527/; classtype:trojan-activity;sid:83917627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.40.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054526/; classtype:trojan-activity;sid:83917626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054525/; classtype:trojan-activity;sid:83917625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.80.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054524/; classtype:trojan-activity;sid:83917624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.158.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054523/; classtype:trojan-activity;sid:83917623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.81.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054522/; classtype:trojan-activity;sid:83917622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.100.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054521/; classtype:trojan-activity;sid:83917621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.224.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054518/; classtype:trojan-activity;sid:83917618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.132.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054519/; classtype:trojan-activity;sid:83917619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.202.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054520/; classtype:trojan-activity;sid:83917620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054517/; classtype:trojan-activity;sid:83917617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054516)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.183.80.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054516/; classtype:trojan-activity;sid:83917616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054515/; classtype:trojan-activity;sid:83917615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054514/; classtype:trojan-activity;sid:83917614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.95.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054513/; classtype:trojan-activity;sid:83917613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054512/; classtype:trojan-activity;sid:83917612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054511/; classtype:trojan-activity;sid:83917611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.125.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054510/; classtype:trojan-activity;sid:83917610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.33.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054509/; classtype:trojan-activity;sid:83917609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054508/; classtype:trojan-activity;sid:83917608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.25.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054507/; classtype:trojan-activity;sid:83917607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.96.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054506/; classtype:trojan-activity;sid:83917606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.43.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054505/; classtype:trojan-activity;sid:83917605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054504/; classtype:trojan-activity;sid:83917604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.188.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054503/; classtype:trojan-activity;sid:83917603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.43.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054502/; classtype:trojan-activity;sid:83917602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.123.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054501/; classtype:trojan-activity;sid:83917601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.197.22.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054500/; classtype:trojan-activity;sid:83917600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.248.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054499/; classtype:trojan-activity;sid:83917599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054498/; classtype:trojan-activity;sid:83917598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.189.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054497/; classtype:trojan-activity;sid:83917597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.228.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054496/; classtype:trojan-activity;sid:83917596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.11.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054495/; classtype:trojan-activity;sid:83917595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.47.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054494/; classtype:trojan-activity;sid:83917594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.88.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054493/; classtype:trojan-activity;sid:83917593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.87.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054492/; classtype:trojan-activity;sid:83917592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.75.157.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054491/; classtype:trojan-activity;sid:83917591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.158.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054490/; classtype:trojan-activity;sid:83917590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.28.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054489/; classtype:trojan-activity;sid:83917589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.209.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054488/; classtype:trojan-activity;sid:83917588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.247.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054487/; classtype:trojan-activity;sid:83917587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.30.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054486/; classtype:trojan-activity;sid:83917586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054485/; classtype:trojan-activity;sid:83917585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.252.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054483/; classtype:trojan-activity;sid:83917583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.240.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054484/; classtype:trojan-activity;sid:83917584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.17.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054482/; classtype:trojan-activity;sid:83917582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054477)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/containerd/video.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054477/; classtype:trojan-activity;sid:83917577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054478)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/sha256/photo.scr"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054478/; classtype:trojan-activity;sid:83917578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054479)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054479/; classtype:trojan-activity;sid:83917579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054480)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/files/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054480/; classtype:trojan-activity;sid:83917580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054481)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/swarm/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054481/; classtype:trojan-activity;sid:83917581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054476)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/video.scr"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054476/; classtype:trojan-activity;sid:83917576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054475)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/photo.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054475/; classtype:trojan-activity;sid:83917575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054474)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/files/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054474/; classtype:trojan-activity;sid:83917574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054472)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054472/; classtype:trojan-activity;sid:83917572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054473)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/tmp/video.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054473/; classtype:trojan-activity;sid:83917573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054470)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054470/; classtype:trojan-activity;sid:83917570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054471)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/video.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054471/; classtype:trojan-activity;sid:83917571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054469)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054469/; classtype:trojan-activity;sid:83917569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054467)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/trust/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054467/; classtype:trojan-activity;sid:83917567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054468)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054468/; classtype:trojan-activity;sid:83917568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054464)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/files/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054464/; classtype:trojan-activity;sid:83917564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054465)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054465/; classtype:trojan-activity;sid:83917565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054466)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054466/; classtype:trojan-activity;sid:83917566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054463)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/tmp/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054463/; classtype:trojan-activity;sid:83917563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054462)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/tmp/av.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054462/; classtype:trojan-activity;sid:83917562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054461)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/containerd/av.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054461/; classtype:trojan-activity;sid:83917561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054459)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054459/; classtype:trojan-activity;sid:83917559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054460)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/trust/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054460/; classtype:trojan-activity;sid:83917560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054458)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054458/; classtype:trojan-activity;sid:83917558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054457)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/photo.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054457/; classtype:trojan-activity;sid:83917557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054456)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/swarm/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054456/; classtype:trojan-activity;sid:83917556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054455)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054455/; classtype:trojan-activity;sid:83917555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054451)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/tmp/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054451/; classtype:trojan-activity;sid:83917551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054452)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054452/; classtype:trojan-activity;sid:83917552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054453)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/tmp/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054453/; classtype:trojan-activity;sid:83917553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054454)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/swarm/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054454/; classtype:trojan-activity;sid:83917554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054442)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054442/; classtype:trojan-activity;sid:83917542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054443)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/sha256/av.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054443/; classtype:trojan-activity;sid:83917543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054444)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/distribution/video.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054444/; classtype:trojan-activity;sid:83917544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054445)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/photo.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054445/; classtype:trojan-activity;sid:83917545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054446)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/volumes/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054446/; classtype:trojan-activity;sid:83917546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054447)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/av.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054447/; classtype:trojan-activity;sid:83917547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054448)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054448/; classtype:trojan-activity;sid:83917548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054449)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/trust/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054449/; classtype:trojan-activity;sid:83917549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054450)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/layerdb/video.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054450/; classtype:trojan-activity;sid:83917550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054433)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/files/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054433/; classtype:trojan-activity;sid:83917533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054434)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/swarm/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054434/; classtype:trojan-activity;sid:83917534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054435)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/av.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054435/; classtype:trojan-activity;sid:83917535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054436)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054436/; classtype:trojan-activity;sid:83917536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054437)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/volumes/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054437/; classtype:trojan-activity;sid:83917537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054438)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054438/; classtype:trojan-activity;sid:83917538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054439)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054439/; classtype:trojan-activity;sid:83917539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054440)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054440/; classtype:trojan-activity;sid:83917540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054441)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/photo.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054441/; classtype:trojan-activity;sid:83917541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054432)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054432/; classtype:trojan-activity;sid:83917532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054430)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/tmp/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054430/; classtype:trojan-activity;sid:83917530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054431)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/files/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054431/; classtype:trojan-activity;sid:83917531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054409)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/tmp/video.scr"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054409/; classtype:trojan-activity;sid:83917509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054410)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054410/; classtype:trojan-activity;sid:83917510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054411)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054411/; classtype:trojan-activity;sid:83917511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054412)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054412/; classtype:trojan-activity;sid:83917512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054413)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054413/; classtype:trojan-activity;sid:83917513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054414)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054414/; classtype:trojan-activity;sid:83917514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054415)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/tmp/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054415/; classtype:trojan-activity;sid:83917515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054416)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/l/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054416/; classtype:trojan-activity;sid:83917516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054417)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054417/; classtype:trojan-activity;sid:83917517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054418)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/l/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054418/; classtype:trojan-activity;sid:83917518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054419)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/swarm/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054419/; classtype:trojan-activity;sid:83917519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054420)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/containers/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054420/; classtype:trojan-activity;sid:83917520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054421)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054421/; classtype:trojan-activity;sid:83917521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054422)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/sha256/video.scr"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054422/; classtype:trojan-activity;sid:83917522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054423)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/av.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054423/; classtype:trojan-activity;sid:83917523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054424)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/av.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054424/; classtype:trojan-activity;sid:83917524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054425)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/sha256/av.scr"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054425/; classtype:trojan-activity;sid:83917525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054426)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/layerdb/av.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054426/; classtype:trojan-activity;sid:83917526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054427)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/l/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054427/; classtype:trojan-activity;sid:83917527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054428)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/files/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054428/; classtype:trojan-activity;sid:83917528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054429)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054429/; classtype:trojan-activity;sid:83917529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054404)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/containers/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054404/; classtype:trojan-activity;sid:83917504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054405)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/sha256/video.scr"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054405/; classtype:trojan-activity;sid:83917505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054406)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/tmp/av.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054406/; classtype:trojan-activity;sid:83917506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054407)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054407/; classtype:trojan-activity;sid:83917507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054408)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/distribution/av.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054408/; classtype:trojan-activity;sid:83917508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054403)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/av.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054403/; classtype:trojan-activity;sid:83917503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054402)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/tmp/photo.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054402/; classtype:trojan-activity;sid:83917502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054401)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054401/; classtype:trojan-activity;sid:83917501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054400)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054400/; classtype:trojan-activity;sid:83917500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054398)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/swarm/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054398/; classtype:trojan-activity;sid:83917498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054399)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054399/; classtype:trojan-activity;sid:83917499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054395)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/containerd/av.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054395/; classtype:trojan-activity;sid:83917495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054396)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054396/; classtype:trojan-activity;sid:83917496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054397)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/layerdb/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054397/; classtype:trojan-activity;sid:83917497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054392)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/sha256/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054392/; classtype:trojan-activity;sid:83917492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054393)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054393/; classtype:trojan-activity;sid:83917493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054394)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/video.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054394/; classtype:trojan-activity;sid:83917494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054391)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054391/; classtype:trojan-activity;sid:83917491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054389)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/containerd/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054389/; classtype:trojan-activity;sid:83917489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054390)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/tmp/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054390/; classtype:trojan-activity;sid:83917490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054388)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054388/; classtype:trojan-activity;sid:83917488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054387)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/containers/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054387/; classtype:trojan-activity;sid:83917487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054383)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054383/; classtype:trojan-activity;sid:83917483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054384)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/trust/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054384/; classtype:trojan-activity;sid:83917484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054385)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/swarm/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054385/; classtype:trojan-activity;sid:83917485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054386)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054386/; classtype:trojan-activity;sid:83917486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054382)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/tmp/photo.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054382/; classtype:trojan-activity;sid:83917482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054380)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/photo.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054380/; classtype:trojan-activity;sid:83917480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054381)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/files/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054381/; classtype:trojan-activity;sid:83917481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054371)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054371/; classtype:trojan-activity;sid:83917471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054372)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/l/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054372/; classtype:trojan-activity;sid:83917472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054373)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/containers/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054373/; classtype:trojan-activity;sid:83917473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054374)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054374/; classtype:trojan-activity;sid:83917474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054375)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/video.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054375/; classtype:trojan-activity;sid:83917475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054376)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/layerdb/photo.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054376/; classtype:trojan-activity;sid:83917476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054377)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/tmp/video.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054377/; classtype:trojan-activity;sid:83917477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054378)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/layerdb/video.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054378/; classtype:trojan-activity;sid:83917478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054379)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054379/; classtype:trojan-activity;sid:83917479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054366)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/volumes/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054366/; classtype:trojan-activity;sid:83917466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054367)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/av.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054367/; classtype:trojan-activity;sid:83917467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054368)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/trust/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054368/; classtype:trojan-activity;sid:83917468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054369)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054369/; classtype:trojan-activity;sid:83917469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054370)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054370/; classtype:trojan-activity;sid:83917470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054355)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/av.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054355/; classtype:trojan-activity;sid:83917455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054356)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/av.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054356/; classtype:trojan-activity;sid:83917456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054357)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/sha256/photo.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054357/; classtype:trojan-activity;sid:83917457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054358)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054358/; classtype:trojan-activity;sid:83917458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054359)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/trust/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054359/; classtype:trojan-activity;sid:83917459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054360)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/layerdb/av.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054360/; classtype:trojan-activity;sid:83917460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054361)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/containers/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054361/; classtype:trojan-activity;sid:83917461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054362)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054362/; classtype:trojan-activity;sid:83917462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054363)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/l/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054363/; classtype:trojan-activity;sid:83917463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054364)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/video.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054364/; classtype:trojan-activity;sid:83917464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054365)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/tmp/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054365/; classtype:trojan-activity;sid:83917465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054352)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054352/; classtype:trojan-activity;sid:83917452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054353)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/containers/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054353/; classtype:trojan-activity;sid:83917453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054354)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/distribution/av.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054354/; classtype:trojan-activity;sid:83917454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054345)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/distribution/video.scr"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054345/; classtype:trojan-activity;sid:83917445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054346)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/swarm/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054346/; classtype:trojan-activity;sid:83917446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054347)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054347/; classtype:trojan-activity;sid:83917447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054348)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/video.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054348/; classtype:trojan-activity;sid:83917448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054349)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/volumes/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054349/; classtype:trojan-activity;sid:83917449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054350)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054350/; classtype:trojan-activity;sid:83917450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054351)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054351/; classtype:trojan-activity;sid:83917451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054330)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/volumes/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054330/; classtype:trojan-activity;sid:83917430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054331)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/photo.scr"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054331/; classtype:trojan-activity;sid:83917431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054332)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/swarm/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054332/; classtype:trojan-activity;sid:83917432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054333)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054333/; classtype:trojan-activity;sid:83917433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054334)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/distribution/photo.scr"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054334/; classtype:trojan-activity;sid:83917434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054335)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/video.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054335/; classtype:trojan-activity;sid:83917435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054336)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054336/; classtype:trojan-activity;sid:83917436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054337)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/av.scr"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054337/; classtype:trojan-activity;sid:83917437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054338)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/tmp/photo.scr"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054338/; classtype:trojan-activity;sid:83917438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054339)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/containerd/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054339/; classtype:trojan-activity;sid:83917439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054340)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/sha256/photo.scr"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054340/; classtype:trojan-activity;sid:83917440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054341)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/tmp/photo.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054341/; classtype:trojan-activity;sid:83917441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054342)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/tmp/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054342/; classtype:trojan-activity;sid:83917442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054343)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/video.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054343/; classtype:trojan-activity;sid:83917443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054344)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/swarm/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054344/; classtype:trojan-activity;sid:83917444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054322)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/video.scr"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054322/; classtype:trojan-activity;sid:83917422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054323)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054323/; classtype:trojan-activity;sid:83917423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054324)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054324/; classtype:trojan-activity;sid:83917424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054325)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/av.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054325/; classtype:trojan-activity;sid:83917425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054326)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/volumes/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054326/; classtype:trojan-activity;sid:83917426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054327)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/layerdb/photo.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054327/; classtype:trojan-activity;sid:83917427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054328)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/photo.scr"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054328/; classtype:trojan-activity;sid:83917428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054329)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/sha256/av.scr"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054329/; classtype:trojan-activity;sid:83917429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054320)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054320/; classtype:trojan-activity;sid:83917420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054321)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054321/; classtype:trojan-activity;sid:83917421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054319)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054319/; classtype:trojan-activity;sid:83917419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054317)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/video.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054317/; classtype:trojan-activity;sid:83917417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054318)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054318/; classtype:trojan-activity;sid:83917418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054313)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/swarm/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054313/; classtype:trojan-activity;sid:83917413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054314)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054314/; classtype:trojan-activity;sid:83917414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054315)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054315/; classtype:trojan-activity;sid:83917415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054316)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/swarm/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054316/; classtype:trojan-activity;sid:83917416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054310)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/distribution/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054310/; classtype:trojan-activity;sid:83917410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054311)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/sha256/video.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054311/; classtype:trojan-activity;sid:83917411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054312)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/trust/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054312/; classtype:trojan-activity;sid:83917412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054304)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/l/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054304/; classtype:trojan-activity;sid:83917404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054305)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/swarm/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054305/; classtype:trojan-activity;sid:83917405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054306)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054306/; classtype:trojan-activity;sid:83917406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054307)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054307/; classtype:trojan-activity;sid:83917407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054308)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054308/; classtype:trojan-activity;sid:83917408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054309)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/sha256/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054309/; classtype:trojan-activity;sid:83917409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054302)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/volumes/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054302/; classtype:trojan-activity;sid:83917402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054303)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054303/; classtype:trojan-activity;sid:83917403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054298)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/overlay2/l/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054298/; classtype:trojan-activity;sid:83917398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054299)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054299/; classtype:trojan-activity;sid:83917399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054300)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/distribution/photo.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054300/; classtype:trojan-activity;sid:83917400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054301)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/containers/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054301/; classtype:trojan-activity;sid:83917401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054292)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/tmp/video.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054292/; classtype:trojan-activity;sid:83917392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054293)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054293/; classtype:trojan-activity;sid:83917393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054294)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054294/; classtype:trojan-activity;sid:83917394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054295)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054295/; classtype:trojan-activity;sid:83917395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054296)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/tmp/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054296/; classtype:trojan-activity;sid:83917396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054297)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/tmp/av.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054297/; classtype:trojan-activity;sid:83917397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054288)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/plugins/storage/blobs/tmp/av.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054288/; classtype:trojan-activity;sid:83917388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.87.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054289/; classtype:trojan-activity;sid:83917389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054290)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/metadata/sha256/av.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054290/; classtype:trojan-activity;sid:83917390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054291)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054291/; classtype:trojan-activity;sid:83917391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054278)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054278/; classtype:trojan-activity;sid:83917378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054279)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/containerd/video.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054279/; classtype:trojan-activity;sid:83917379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054280)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/swarm/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054280/; classtype:trojan-activity;sid:83917380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054281)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/network/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054281/; classtype:trojan-activity;sid:83917381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054282)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/run/libcontainerd/containerd/photo.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054282/; classtype:trojan-activity;sid:83917382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054283)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/photo.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054283/; classtype:trojan-activity;sid:83917383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054284)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054284/; classtype:trojan-activity;sid:83917384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054285)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/sha256/video.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054285/; classtype:trojan-activity;sid:83917385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054286)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054286/; classtype:trojan-activity;sid:83917386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054287)"; flow:established,from_client; content:"GET"; http_method; content:"/docker/lib/image/overlay2/imagedb/content/sha256/photo.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"183.30.202.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054287/; classtype:trojan-activity;sid:83917387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054277/; classtype:trojan-activity;sid:83917377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.35.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054276/; classtype:trojan-activity;sid:83917376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.61.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054275/; classtype:trojan-activity;sid:83917375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.93.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054273/; classtype:trojan-activity;sid:83917373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.83.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054274/; classtype:trojan-activity;sid:83917374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.89.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054271/; classtype:trojan-activity;sid:83917371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.188.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054272/; classtype:trojan-activity;sid:83917372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.70.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054268/; classtype:trojan-activity;sid:83917368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.37.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054269/; classtype:trojan-activity;sid:83917369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.34.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054270/; classtype:trojan-activity;sid:83917370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054267/; classtype:trojan-activity;sid:83917367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.222.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054262/; classtype:trojan-activity;sid:83917362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054263/; classtype:trojan-activity;sid:83917363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.68.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054264/; classtype:trojan-activity;sid:83917364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.216.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054265/; classtype:trojan-activity;sid:83917365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054266/; classtype:trojan-activity;sid:83917366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.63.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054261/; classtype:trojan-activity;sid:83917361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.11.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054260/; classtype:trojan-activity;sid:83917360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.41.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054259/; classtype:trojan-activity;sid:83917359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.240.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054255/; classtype:trojan-activity;sid:83917355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054253/; classtype:trojan-activity;sid:83917353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.47.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054254/; classtype:trojan-activity;sid:83917354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054252/; classtype:trojan-activity;sid:83917352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.11.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054250/; classtype:trojan-activity;sid:83917350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054251/; classtype:trojan-activity;sid:83917351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.142.224.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054249/; classtype:trojan-activity;sid:83917349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.116.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054246/; classtype:trojan-activity;sid:83917346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054247/; classtype:trojan-activity;sid:83917347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.245.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054248/; classtype:trojan-activity;sid:83917348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054245/; classtype:trojan-activity;sid:83917345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.223.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054244/; classtype:trojan-activity;sid:83917344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.51.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054243/; classtype:trojan-activity;sid:83917343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.221.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054242/; classtype:trojan-activity;sid:83917342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.252.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054241/; classtype:trojan-activity;sid:83917341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.91.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054238/; classtype:trojan-activity;sid:83917338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.164.115.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054239/; classtype:trojan-activity;sid:83917339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.93.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054240/; classtype:trojan-activity;sid:83917340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.17.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054237/; classtype:trojan-activity;sid:83917337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.30.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054236/; classtype:trojan-activity;sid:83917336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.130.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054235/; classtype:trojan-activity;sid:83917335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054234)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.236.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054234/; classtype:trojan-activity;sid:83917334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054233/; classtype:trojan-activity;sid:83917333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.61.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054232/; classtype:trojan-activity;sid:83917332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.33.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054231/; classtype:trojan-activity;sid:83917331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054229/; classtype:trojan-activity;sid:83917329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.82.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054230/; classtype:trojan-activity;sid:83917330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.45.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054228/; classtype:trojan-activity;sid:83917328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.83.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054227/; classtype:trojan-activity;sid:83917327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.234.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054226/; classtype:trojan-activity;sid:83917326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054225/; classtype:trojan-activity;sid:83917325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.165.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054224/; classtype:trojan-activity;sid:83917324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.162.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054223/; classtype:trojan-activity;sid:83917323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.50.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054222/; classtype:trojan-activity;sid:83917322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054221/; classtype:trojan-activity;sid:83917321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.239.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054219/; classtype:trojan-activity;sid:83917319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.188.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054220/; classtype:trojan-activity;sid:83917320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.88.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054218/; classtype:trojan-activity;sid:83917318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.225.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054217/; classtype:trojan-activity;sid:83917317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.68.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054216/; classtype:trojan-activity;sid:83917316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.11.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054215/; classtype:trojan-activity;sid:83917315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.201.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054214/; classtype:trojan-activity;sid:83917314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.41.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054213/; classtype:trojan-activity;sid:83917313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.126.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054212/; classtype:trojan-activity;sid:83917312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.116.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054210/; classtype:trojan-activity;sid:83917310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054211/; classtype:trojan-activity;sid:83917311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054209)"; flow:established,from_client; content:"GET"; http_method; content:"/c10a74a0c2f42c12/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054209/; classtype:trojan-activity;sid:83917309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054206)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/mnenepohudet_20240719231018.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054206/; classtype:trojan-activity;sid:83917306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054207)"; flow:established,from_client; content:"GET"; http_method; content:"/c10a74a0c2f42c12/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054207/; classtype:trojan-activity;sid:83917307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054208)"; flow:established,from_client; content:"GET"; http_method; content:"/c10a74a0c2f42c12/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054208/; classtype:trojan-activity;sid:83917308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054202)"; flow:established,from_client; content:"GET"; http_method; content:"/c10a74a0c2f42c12/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054202/; classtype:trojan-activity;sid:83917302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054203)"; flow:established,from_client; content:"GET"; http_method; content:"/134598672.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054203/; classtype:trojan-activity;sid:83917303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054204)"; flow:established,from_client; content:"GET"; http_method; content:"/c10a74a0c2f42c12/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"85.28.47.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054204/; classtype:trojan-activity;sid:83917304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054205/; classtype:trojan-activity;sid:83917305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054199)"; flow:established,from_client; content:"GET"; http_method; content:"/c10a74a0c2f42c12/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"85.28.47.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054199/; classtype:trojan-activity;sid:83917299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054200)"; flow:established,from_client; content:"GET"; http_method; content:"/c10a74a0c2f42c12/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054200/; classtype:trojan-activity;sid:83917300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.223.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054198/; classtype:trojan-activity;sid:83917298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.215.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054197/; classtype:trojan-activity;sid:83917297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054196/; classtype:trojan-activity;sid:83917296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054195/; classtype:trojan-activity;sid:83917295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054193)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/12x2.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054193/; classtype:trojan-activity;sid:83917293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.88.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054194/; classtype:trojan-activity;sid:83917294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.181.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054192/; classtype:trojan-activity;sid:83917292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.162.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054191/; classtype:trojan-activity;sid:83917291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054189/; classtype:trojan-activity;sid:83917289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054190/; classtype:trojan-activity;sid:83917290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054187/; classtype:trojan-activity;sid:83917287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.130.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054188/; classtype:trojan-activity;sid:83917288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054185/; classtype:trojan-activity;sid:83917285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054186/; classtype:trojan-activity;sid:83917286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.4.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054184/; classtype:trojan-activity;sid:83917284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.4.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054182/; classtype:trojan-activity;sid:83917282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054183/; classtype:trojan-activity;sid:83917283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054181/; classtype:trojan-activity;sid:83917281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.43.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054178/; classtype:trojan-activity;sid:83917278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.86.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054179/; classtype:trojan-activity;sid:83917279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.45.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054180/; classtype:trojan-activity;sid:83917280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.11.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054177/; classtype:trojan-activity;sid:83917277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.50.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054176/; classtype:trojan-activity;sid:83917276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054175/; classtype:trojan-activity;sid:83917275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.78.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054174/; classtype:trojan-activity;sid:83917274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054173/; classtype:trojan-activity;sid:83917273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054172/; classtype:trojan-activity;sid:83917272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.155.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054171/; classtype:trojan-activity;sid:83917271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.173.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054170/; classtype:trojan-activity;sid:83917270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.216.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054169/; classtype:trojan-activity;sid:83917269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054168/; classtype:trojan-activity;sid:83917268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.238.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054166/; classtype:trojan-activity;sid:83917266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054167/; classtype:trojan-activity;sid:83917267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.32.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054165/; classtype:trojan-activity;sid:83917265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.21.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054164/; classtype:trojan-activity;sid:83917264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.138.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054163/; classtype:trojan-activity;sid:83917263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054162/; classtype:trojan-activity;sid:83917262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.9.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054160/; classtype:trojan-activity;sid:83917260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054161/; classtype:trojan-activity;sid:83917261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054159/; classtype:trojan-activity;sid:83917259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.38.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054158/; classtype:trojan-activity;sid:83917258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.56.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054157/; classtype:trojan-activity;sid:83917257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.69.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054156/; classtype:trojan-activity;sid:83917256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.199.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054154/; classtype:trojan-activity;sid:83917254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054155/; classtype:trojan-activity;sid:83917255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054153/; classtype:trojan-activity;sid:83917253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.52.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054151/; classtype:trojan-activity;sid:83917251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.10.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054152/; classtype:trojan-activity;sid:83917252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.209.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054149/; classtype:trojan-activity;sid:83917249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054150/; classtype:trojan-activity;sid:83917250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.86.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054148/; classtype:trojan-activity;sid:83917248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.47.175.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054147/; classtype:trojan-activity;sid:83917247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.56.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054146/; classtype:trojan-activity;sid:83917246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.11.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054145/; classtype:trojan-activity;sid:83917245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.224.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054144/; classtype:trojan-activity;sid:83917244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.148.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054143/; classtype:trojan-activity;sid:83917243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054142/; classtype:trojan-activity;sid:83917242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054140/; classtype:trojan-activity;sid:83917240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.95.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054141/; classtype:trojan-activity;sid:83917241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.177.98.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054139/; classtype:trojan-activity;sid:83917239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.90.131"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054137/; classtype:trojan-activity;sid:83917237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.213.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054138/; classtype:trojan-activity;sid:83917238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.74.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054136/; classtype:trojan-activity;sid:83917236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.49.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054135/; classtype:trojan-activity;sid:83917235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.178.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054134/; classtype:trojan-activity;sid:83917234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054133/; classtype:trojan-activity;sid:83917233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.207.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054132/; classtype:trojan-activity;sid:83917232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.135.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054130/; classtype:trojan-activity;sid:83917230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054131/; classtype:trojan-activity;sid:83917231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.74.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054128/; classtype:trojan-activity;sid:83917228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.181.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054129/; classtype:trojan-activity;sid:83917229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054127/; classtype:trojan-activity;sid:83917227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.138.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054126/; classtype:trojan-activity;sid:83917226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.199.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054125/; classtype:trojan-activity;sid:83917225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.56.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054124/; classtype:trojan-activity;sid:83917224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.215.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054123/; classtype:trojan-activity;sid:83917223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.61.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054122/; classtype:trojan-activity;sid:83917222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054121/; classtype:trojan-activity;sid:83917221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.19.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054120/; classtype:trojan-activity;sid:83917220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.36.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054119/; classtype:trojan-activity;sid:83917219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054118/; classtype:trojan-activity;sid:83917218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.209.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054117/; classtype:trojan-activity;sid:83917217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.94.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054116/; classtype:trojan-activity;sid:83917216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.191.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054114/; classtype:trojan-activity;sid:83917214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054115/; classtype:trojan-activity;sid:83917215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054113/; classtype:trojan-activity;sid:83917213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054112/; classtype:trojan-activity;sid:83917212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.18.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054110/; classtype:trojan-activity;sid:83917210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.38.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054111/; classtype:trojan-activity;sid:83917211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.245.243.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054109/; classtype:trojan-activity;sid:83917209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.7.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054108/; classtype:trojan-activity;sid:83917208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.210.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054107/; classtype:trojan-activity;sid:83917207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.212.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054106/; classtype:trojan-activity;sid:83917206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.158.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054105/; classtype:trojan-activity;sid:83917205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054104/; classtype:trojan-activity;sid:83917204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.122.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054103/; classtype:trojan-activity;sid:83917203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054102/; classtype:trojan-activity;sid:83917202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.98.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054101/; classtype:trojan-activity;sid:83917201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.207.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054100/; classtype:trojan-activity;sid:83917200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.137.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054098/; classtype:trojan-activity;sid:83917198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.74.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054099/; classtype:trojan-activity;sid:83917199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.68.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054097/; classtype:trojan-activity;sid:83917197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.90.131"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054096/; classtype:trojan-activity;sid:83917196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.138.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054095/; classtype:trojan-activity;sid:83917195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.48.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054094/; classtype:trojan-activity;sid:83917194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054093/; classtype:trojan-activity;sid:83917193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054092/; classtype:trojan-activity;sid:83917192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.84.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054091/; classtype:trojan-activity;sid:83917191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.61.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054090/; classtype:trojan-activity;sid:83917190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054089)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054089/; classtype:trojan-activity;sid:83917189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.56.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054088/; classtype:trojan-activity;sid:83917188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.19.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054087/; classtype:trojan-activity;sid:83917187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054086)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054086/; classtype:trojan-activity;sid:83917186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.213.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054085/; classtype:trojan-activity;sid:83917185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.199.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054084/; classtype:trojan-activity;sid:83917184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.242.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054083/; classtype:trojan-activity;sid:83917183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.74.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054082/; classtype:trojan-activity;sid:83917182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054081/; classtype:trojan-activity;sid:83917181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054080/; classtype:trojan-activity;sid:83917180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054078/; classtype:trojan-activity;sid:83917178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.210.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054079/; classtype:trojan-activity;sid:83917179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.126.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054077/; classtype:trojan-activity;sid:83917177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054076/; classtype:trojan-activity;sid:83917176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.127.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054074/; classtype:trojan-activity;sid:83917174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054075/; classtype:trojan-activity;sid:83917175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054072)"; flow:established,from_client; content:"GET"; http_method; content:"/3.0.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054072/; classtype:trojan-activity;sid:83917172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.93.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054073/; classtype:trojan-activity;sid:83917173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.186.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054071/; classtype:trojan-activity;sid:83917171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.154.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054070/; classtype:trojan-activity;sid:83917170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.130.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054069/; classtype:trojan-activity;sid:83917169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054068/; classtype:trojan-activity;sid:83917168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054067/; classtype:trojan-activity;sid:83917167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054066/; classtype:trojan-activity;sid:83917166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054064/; classtype:trojan-activity;sid:83917164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.239.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054065/; classtype:trojan-activity;sid:83917165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.21.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054062/; classtype:trojan-activity;sid:83917162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.95.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054063/; classtype:trojan-activity;sid:83917163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.169.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054061/; classtype:trojan-activity;sid:83917161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054060)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669b5b78252ea_googlesoft.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054060/; classtype:trojan-activity;sid:83917160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054059/; classtype:trojan-activity;sid:83917159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.84.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054058/; classtype:trojan-activity;sid:83917158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.60.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054057/; classtype:trojan-activity;sid:83917157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.154.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054056/; classtype:trojan-activity;sid:83917156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.180.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054054/; classtype:trojan-activity;sid:83917154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.180.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054055/; classtype:trojan-activity;sid:83917155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.98.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054053/; classtype:trojan-activity;sid:83917153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.88.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054052/; classtype:trojan-activity;sid:83917152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.116.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054051/; classtype:trojan-activity;sid:83917151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054049)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054049/; classtype:trojan-activity;sid:83917149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054050)"; flow:established,from_client; content:"GET"; http_method; content:"/bare.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.90.12.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054050/; classtype:trojan-activity;sid:83917150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054048)"; flow:established,from_client; content:"GET"; http_method; content:"/htdocs.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fssists.site"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054048/; classtype:trojan-activity;sid:83917148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054047)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.249.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054047/; classtype:trojan-activity;sid:83917147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054046/; classtype:trojan-activity;sid:83917146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.184.36.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054044/; classtype:trojan-activity;sid:83917144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054045/; classtype:trojan-activity;sid:83917145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054041)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054041/; classtype:trojan-activity;sid:83917141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054042)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054042/; classtype:trojan-activity;sid:83917142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054043)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054043/; classtype:trojan-activity;sid:83917143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.116.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054040/; classtype:trojan-activity;sid:83917140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.19.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054039/; classtype:trojan-activity;sid:83917139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.141.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054038/; classtype:trojan-activity;sid:83917138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.88.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054037/; classtype:trojan-activity;sid:83917137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.126.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054035/; classtype:trojan-activity;sid:83917135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054036/; classtype:trojan-activity;sid:83917136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.245.243.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054034/; classtype:trojan-activity;sid:83917134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.199.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054033/; classtype:trojan-activity;sid:83917133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.227.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054032/; classtype:trojan-activity;sid:83917132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.93.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054031/; classtype:trojan-activity;sid:83917131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054030/; classtype:trojan-activity;sid:83917130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.138.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054029/; classtype:trojan-activity;sid:83917129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054028/; classtype:trojan-activity;sid:83917128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.186.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054027/; classtype:trojan-activity;sid:83917127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.116.45.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054026/; classtype:trojan-activity;sid:83917126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054024/; classtype:trojan-activity;sid:83917124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.154.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054025/; classtype:trojan-activity;sid:83917125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054023/; classtype:trojan-activity;sid:83917123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.52.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054022/; classtype:trojan-activity;sid:83917122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054021/; classtype:trojan-activity;sid:83917121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054020/; classtype:trojan-activity;sid:83917120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.21.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054019/; classtype:trojan-activity;sid:83917119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.169.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054018/; classtype:trojan-activity;sid:83917118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.221.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054017/; classtype:trojan-activity;sid:83917117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054016/; classtype:trojan-activity;sid:83917116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.27.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054014/; classtype:trojan-activity;sid:83917114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.71.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054015/; classtype:trojan-activity;sid:83917115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.221.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054013/; classtype:trojan-activity;sid:83917113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.204.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054012/; classtype:trojan-activity;sid:83917112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.7.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054011/; classtype:trojan-activity;sid:83917111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.201.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054010/; classtype:trojan-activity;sid:83917110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.116.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054009/; classtype:trojan-activity;sid:83917109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054006)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/anony.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054006/; classtype:trojan-activity;sid:83917106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054007)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/lummac2.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054007/; classtype:trojan-activity;sid:83917107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054008)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/hnc/hn.gn.gn.gngn.gn.gn.gn.doc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"107.172.4.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054008/; classtype:trojan-activity;sid:83917108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054005/; classtype:trojan-activity;sid:83917105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.199.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054004/; classtype:trojan-activity;sid:83917104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.21.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054003/; classtype:trojan-activity;sid:83917103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.211.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054002/; classtype:trojan-activity;sid:83917102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054001/; classtype:trojan-activity;sid:83917101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3054000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.133.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3054000/; classtype:trojan-activity;sid:83917100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.67.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053998/; classtype:trojan-activity;sid:83917098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.138.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053999/; classtype:trojan-activity;sid:83917099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053997)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/appgate018ver1.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"easy2buy.ae"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053997/; classtype:trojan-activity;sid:83917097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053996/; classtype:trojan-activity;sid:83917096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053995/; classtype:trojan-activity;sid:83917095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.227.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053994/; classtype:trojan-activity;sid:83917094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.59.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053993/; classtype:trojan-activity;sid:83917093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.147.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053992/; classtype:trojan-activity;sid:83917092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.16.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053991/; classtype:trojan-activity;sid:83917091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.52.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053990/; classtype:trojan-activity;sid:83917090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.214.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053989/; classtype:trojan-activity;sid:83917089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.82.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053988/; classtype:trojan-activity;sid:83917088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.59.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053987/; classtype:trojan-activity;sid:83917087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.250.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053986/; classtype:trojan-activity;sid:83917086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.126.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053985/; classtype:trojan-activity;sid:83917085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.36.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053984/; classtype:trojan-activity;sid:83917084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.164.230.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053983/; classtype:trojan-activity;sid:83917083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.39.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053980/; classtype:trojan-activity;sid:83917080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.79.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053981/; classtype:trojan-activity;sid:83917081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053982/; classtype:trojan-activity;sid:83917082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.144.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053979/; classtype:trojan-activity;sid:83917079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053978/; classtype:trojan-activity;sid:83917078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.112.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053977/; classtype:trojan-activity;sid:83917077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053976/; classtype:trojan-activity;sid:83917076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.200.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053975/; classtype:trojan-activity;sid:83917075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.118.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053974/; classtype:trojan-activity;sid:83917074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053972/; classtype:trojan-activity;sid:83917072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053973/; classtype:trojan-activity;sid:83917073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.56.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053971/; classtype:trojan-activity;sid:83917071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053970/; classtype:trojan-activity;sid:83917070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053969/; classtype:trojan-activity;sid:83917069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.64.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053968/; classtype:trojan-activity;sid:83917068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053967/; classtype:trojan-activity;sid:83917067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.138.12.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053966/; classtype:trojan-activity;sid:83917066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053964/; classtype:trojan-activity;sid:83917064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.25.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053965/; classtype:trojan-activity;sid:83917065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.227.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053960/; classtype:trojan-activity;sid:83917060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.214.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053961/; classtype:trojan-activity;sid:83917061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.185.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053962/; classtype:trojan-activity;sid:83917062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053963/; classtype:trojan-activity;sid:83917063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053958/; classtype:trojan-activity;sid:83917058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.219.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053959/; classtype:trojan-activity;sid:83917059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.94.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053957/; classtype:trojan-activity;sid:83917057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.91.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053956/; classtype:trojan-activity;sid:83917056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.48.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053955/; classtype:trojan-activity;sid:83917055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.147.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053954/; classtype:trojan-activity;sid:83917054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053953/; classtype:trojan-activity;sid:83917053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.175.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053952/; classtype:trojan-activity;sid:83917052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.13.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053951/; classtype:trojan-activity;sid:83917051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.59.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053949/; classtype:trojan-activity;sid:83917049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.82.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053950/; classtype:trojan-activity;sid:83917050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053948/; classtype:trojan-activity;sid:83917048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053947/; classtype:trojan-activity;sid:83917047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.144.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053945/; classtype:trojan-activity;sid:83917045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.187.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053946/; classtype:trojan-activity;sid:83917046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.137.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053944/; classtype:trojan-activity;sid:83917044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053942/; classtype:trojan-activity;sid:83917042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.174.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053943/; classtype:trojan-activity;sid:83917043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053941/; classtype:trojan-activity;sid:83917041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053939/; classtype:trojan-activity;sid:83917039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053940/; classtype:trojan-activity;sid:83917040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053938/; classtype:trojan-activity;sid:83917038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.112.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053937/; classtype:trojan-activity;sid:83917037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053936/; classtype:trojan-activity;sid:83917036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.45.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053935/; classtype:trojan-activity;sid:83917035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.100.62.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053934/; classtype:trojan-activity;sid:83917034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.112.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053933/; classtype:trojan-activity;sid:83917033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.200.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053932/; classtype:trojan-activity;sid:83917032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053931/; classtype:trojan-activity;sid:83917031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.12.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053930/; classtype:trojan-activity;sid:83917030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.118.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053929/; classtype:trojan-activity;sid:83917029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.47.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053927/; classtype:trojan-activity;sid:83917027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.193.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053928/; classtype:trojan-activity;sid:83917028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053925)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053925/; classtype:trojan-activity;sid:83917025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053926)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053926/; classtype:trojan-activity;sid:83917026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053923)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053923/; classtype:trojan-activity;sid:83917023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053924)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.247.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053924/; classtype:trojan-activity;sid:83917024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.57.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053921/; classtype:trojan-activity;sid:83917021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053922/; classtype:trojan-activity;sid:83917022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053920/; classtype:trojan-activity;sid:83917020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.46.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053919/; classtype:trojan-activity;sid:83917019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.94.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053918/; classtype:trojan-activity;sid:83917018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.35.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053917/; classtype:trojan-activity;sid:83917017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053915/; classtype:trojan-activity;sid:83917015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.13.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053916/; classtype:trojan-activity;sid:83917016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.60.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053912/; classtype:trojan-activity;sid:83917012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053913/; classtype:trojan-activity;sid:83917013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.91.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053914/; classtype:trojan-activity;sid:83917014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.83.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053911/; classtype:trojan-activity;sid:83917011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.64.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053910/; classtype:trojan-activity;sid:83917010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.137.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053909/; classtype:trojan-activity;sid:83917009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.72.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053908/; classtype:trojan-activity;sid:83917008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.87.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053907/; classtype:trojan-activity;sid:83917007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.184.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053905/; classtype:trojan-activity;sid:83917005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053906/; classtype:trojan-activity;sid:83917006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.42.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053904/; classtype:trojan-activity;sid:83917004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.100.62.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053903/; classtype:trojan-activity;sid:83917003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.91.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053902/; classtype:trojan-activity;sid:83917002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053901/; classtype:trojan-activity;sid:83917001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053900/; classtype:trojan-activity;sid:83917000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.11.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053898/; classtype:trojan-activity;sid:83916998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.51.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053899/; classtype:trojan-activity;sid:83916999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.232.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053897/; classtype:trojan-activity;sid:83916997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.202.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053896/; classtype:trojan-activity;sid:83916996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053895/; classtype:trojan-activity;sid:83916995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.41.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053894/; classtype:trojan-activity;sid:83916994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.213.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053893/; classtype:trojan-activity;sid:83916993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.4.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053892/; classtype:trojan-activity;sid:83916992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053891)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/live.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"77.91.77.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053891/; classtype:trojan-activity;sid:83916991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.81.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053889/; classtype:trojan-activity;sid:83916989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053890)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/comedraft.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"77.91.77.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053890/; classtype:trojan-activity;sid:83916990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053888/; classtype:trojan-activity;sid:83916988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053887/; classtype:trojan-activity;sid:83916987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.104.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053886/; classtype:trojan-activity;sid:83916986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.94.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053885/; classtype:trojan-activity;sid:83916985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053884/; classtype:trojan-activity;sid:83916984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.57.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053883/; classtype:trojan-activity;sid:83916983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.55.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053882/; classtype:trojan-activity;sid:83916982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053881/; classtype:trojan-activity;sid:83916981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.72.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053880/; classtype:trojan-activity;sid:83916980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053879/; classtype:trojan-activity;sid:83916979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.49.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053878/; classtype:trojan-activity;sid:83916978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.96.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053877/; classtype:trojan-activity;sid:83916977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.184.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053874/; classtype:trojan-activity;sid:83916974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.70.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053875/; classtype:trojan-activity;sid:83916975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053876/; classtype:trojan-activity;sid:83916976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.244.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053873/; classtype:trojan-activity;sid:83916973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053872/; classtype:trojan-activity;sid:83916972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.254.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053871/; classtype:trojan-activity;sid:83916971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053870/; classtype:trojan-activity;sid:83916970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.108.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053869/; classtype:trojan-activity;sid:83916969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.219.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053868/; classtype:trojan-activity;sid:83916968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053867/; classtype:trojan-activity;sid:83916967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053866/; classtype:trojan-activity;sid:83916966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.119.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053865/; classtype:trojan-activity;sid:83916965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.41.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053863/; classtype:trojan-activity;sid:83916963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.21.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053864/; classtype:trojan-activity;sid:83916964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053862/; classtype:trojan-activity;sid:83916962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.81.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053861/; classtype:trojan-activity;sid:83916961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.42.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053860/; classtype:trojan-activity;sid:83916960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053859/; classtype:trojan-activity;sid:83916959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.239.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053858/; classtype:trojan-activity;sid:83916958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.247.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053857/; classtype:trojan-activity;sid:83916957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.11.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053856/; classtype:trojan-activity;sid:83916956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.163.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053853/; classtype:trojan-activity;sid:83916953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.88.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053854/; classtype:trojan-activity;sid:83916954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.109.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053855/; classtype:trojan-activity;sid:83916955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.86.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053852/; classtype:trojan-activity;sid:83916952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.225.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053851/; classtype:trojan-activity;sid:83916951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.216.34.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053849/; classtype:trojan-activity;sid:83916949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.124.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053850/; classtype:trojan-activity;sid:83916950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.40.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053848/; classtype:trojan-activity;sid:83916948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.85.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053846/; classtype:trojan-activity;sid:83916946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053847/; classtype:trojan-activity;sid:83916947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053845/; classtype:trojan-activity;sid:83916945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.46.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053844/; classtype:trojan-activity;sid:83916944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053843/; classtype:trojan-activity;sid:83916943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053842/; classtype:trojan-activity;sid:83916942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053841/; classtype:trojan-activity;sid:83916941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.184"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053840/; classtype:trojan-activity;sid:83916940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.75.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053839/; classtype:trojan-activity;sid:83916939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.174.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053838/; classtype:trojan-activity;sid:83916938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053837/; classtype:trojan-activity;sid:83916937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053836)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/morphine.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"morphine.lol"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053836/; classtype:trojan-activity;sid:83916936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053835)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/92584v.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053835/; classtype:trojan-activity;sid:83916935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053834)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/1x212.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053834/; classtype:trojan-activity;sid:83916934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.88.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053833/; classtype:trojan-activity;sid:83916933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.8.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053832/; classtype:trojan-activity;sid:83916932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053831/; classtype:trojan-activity;sid:83916931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.244.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053828/; classtype:trojan-activity;sid:83916928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.35.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053829/; classtype:trojan-activity;sid:83916929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.73.143.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053830/; classtype:trojan-activity;sid:83916930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053827)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/main.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053827/; classtype:trojan-activity;sid:83916927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.51.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053825/; classtype:trojan-activity;sid:83916925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053826)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/appdrivesound.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053826/; classtype:trojan-activity;sid:83916926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053824)"; flow:established,from_client; content:"GET"; http_method; content:"/lummnew.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053824/; classtype:trojan-activity;sid:83916924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.70.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053823/; classtype:trojan-activity;sid:83916923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053822/; classtype:trojan-activity;sid:83916922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.102.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053821/; classtype:trojan-activity;sid:83916921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053820/; classtype:trojan-activity;sid:83916920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053819/; classtype:trojan-activity;sid:83916919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.239.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053818/; classtype:trojan-activity;sid:83916918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.112.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053817/; classtype:trojan-activity;sid:83916917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.81.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053815/; classtype:trojan-activity;sid:83916915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053816/; classtype:trojan-activity;sid:83916916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053814/; classtype:trojan-activity;sid:83916914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053813)"; flow:established,from_client; content:"GET"; http_method; content:"/firstz.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.137.192.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053813/; classtype:trojan-activity;sid:83916913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.85.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053812/; classtype:trojan-activity;sid:83916912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.247.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053811/; classtype:trojan-activity;sid:83916911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.216.34.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053810/; classtype:trojan-activity;sid:83916910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053809/; classtype:trojan-activity;sid:83916909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.137.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053808/; classtype:trojan-activity;sid:83916908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.174.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053807/; classtype:trojan-activity;sid:83916907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.73.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053806/; classtype:trojan-activity;sid:83916906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053804/; classtype:trojan-activity;sid:83916904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.238.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053805/; classtype:trojan-activity;sid:83916905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.75.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053803/; classtype:trojan-activity;sid:83916903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.225.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053802/; classtype:trojan-activity;sid:83916902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.217.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053801/; classtype:trojan-activity;sid:83916901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.167.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053800/; classtype:trojan-activity;sid:83916900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053799/; classtype:trojan-activity;sid:83916899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.73.143.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053798/; classtype:trojan-activity;sid:83916898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053797/; classtype:trojan-activity;sid:83916897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.255.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053795/; classtype:trojan-activity;sid:83916895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.146.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053796/; classtype:trojan-activity;sid:83916896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.149.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053794/; classtype:trojan-activity;sid:83916894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.102.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053793/; classtype:trojan-activity;sid:83916893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.81.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053791/; classtype:trojan-activity;sid:83916891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053792/; classtype:trojan-activity;sid:83916892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053790/; classtype:trojan-activity;sid:83916890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053789/; classtype:trojan-activity;sid:83916889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.143.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053788/; classtype:trojan-activity;sid:83916888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.251.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053785/; classtype:trojan-activity;sid:83916885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.85.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053786/; classtype:trojan-activity;sid:83916886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053787/; classtype:trojan-activity;sid:83916887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.165.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053783/; classtype:trojan-activity;sid:83916883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.107.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053784/; classtype:trojan-activity;sid:83916884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053782/; classtype:trojan-activity;sid:83916882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053781/; classtype:trojan-activity;sid:83916881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.246.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053780/; classtype:trojan-activity;sid:83916880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.118.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053779/; classtype:trojan-activity;sid:83916879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.238.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053778/; classtype:trojan-activity;sid:83916878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.174.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053777/; classtype:trojan-activity;sid:83916877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.178.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053776/; classtype:trojan-activity;sid:83916876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.1.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053774/; classtype:trojan-activity;sid:83916874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.131.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053775/; classtype:trojan-activity;sid:83916875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.76.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053773/; classtype:trojan-activity;sid:83916873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053772)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/live3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053772/; classtype:trojan-activity;sid:83916872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.184.36.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053770/; classtype:trojan-activity;sid:83916870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053771/; classtype:trojan-activity;sid:83916871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.16.211.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053769/; classtype:trojan-activity;sid:83916869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053768/; classtype:trojan-activity;sid:83916868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.112.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053767/; classtype:trojan-activity;sid:83916867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053766/; classtype:trojan-activity;sid:83916866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053765/; classtype:trojan-activity;sid:83916865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.46.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053764/; classtype:trojan-activity;sid:83916864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053763/; classtype:trojan-activity;sid:83916863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.20.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053761/; classtype:trojan-activity;sid:83916861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.134.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053762/; classtype:trojan-activity;sid:83916862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.58.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053760/; classtype:trojan-activity;sid:83916860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.251.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053759/; classtype:trojan-activity;sid:83916859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.242.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053758/; classtype:trojan-activity;sid:83916858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.126.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053757/; classtype:trojan-activity;sid:83916857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.245.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053756/; classtype:trojan-activity;sid:83916856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.165.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053755/; classtype:trojan-activity;sid:83916855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053754/; classtype:trojan-activity;sid:83916854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.95.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053753/; classtype:trojan-activity;sid:83916853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.14.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053752/; classtype:trojan-activity;sid:83916852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.237.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053751/; classtype:trojan-activity;sid:83916851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.29.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053750/; classtype:trojan-activity;sid:83916850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.178.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053749/; classtype:trojan-activity;sid:83916849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.32.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053748/; classtype:trojan-activity;sid:83916848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.217.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053747/; classtype:trojan-activity;sid:83916847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.222.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053746/; classtype:trojan-activity;sid:83916846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.246.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053745/; classtype:trojan-activity;sid:83916845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.131.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053744/; classtype:trojan-activity;sid:83916844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053743/; classtype:trojan-activity;sid:83916843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.45.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053742/; classtype:trojan-activity;sid:83916842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.14.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053740/; classtype:trojan-activity;sid:83916840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.246.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053741/; classtype:trojan-activity;sid:83916841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053738/; classtype:trojan-activity;sid:83916838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053739/; classtype:trojan-activity;sid:83916839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053737/; classtype:trojan-activity;sid:83916837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.68.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053736/; classtype:trojan-activity;sid:83916836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.128.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053735/; classtype:trojan-activity;sid:83916835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053734/; classtype:trojan-activity;sid:83916834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.224.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053733/; classtype:trojan-activity;sid:83916833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.15.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053732/; classtype:trojan-activity;sid:83916832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053731/; classtype:trojan-activity;sid:83916831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053730/; classtype:trojan-activity;sid:83916830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.16.211.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053729/; classtype:trojan-activity;sid:83916829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.162.215.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053727/; classtype:trojan-activity;sid:83916827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.58.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053728/; classtype:trojan-activity;sid:83916828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.16.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053725/; classtype:trojan-activity;sid:83916825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053726/; classtype:trojan-activity;sid:83916826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.20.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053724/; classtype:trojan-activity;sid:83916824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.112.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053723/; classtype:trojan-activity;sid:83916823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053721/; classtype:trojan-activity;sid:83916821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053722/; classtype:trojan-activity;sid:83916822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053719/; classtype:trojan-activity;sid:83916819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.193.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053720/; classtype:trojan-activity;sid:83916820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.66.76.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053717/; classtype:trojan-activity;sid:83916817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.134.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053718/; classtype:trojan-activity;sid:83916818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.29.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053715/; classtype:trojan-activity;sid:83916815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053716/; classtype:trojan-activity;sid:83916816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.43.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053714/; classtype:trojan-activity;sid:83916814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.230.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053713/; classtype:trojan-activity;sid:83916813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.179.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053712/; classtype:trojan-activity;sid:83916812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053711/; classtype:trojan-activity;sid:83916811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.6.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053710/; classtype:trojan-activity;sid:83916810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053709/; classtype:trojan-activity;sid:83916809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.45.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053708/; classtype:trojan-activity;sid:83916808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.4.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053706/; classtype:trojan-activity;sid:83916806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.92.97.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053707/; classtype:trojan-activity;sid:83916807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.217.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053705/; classtype:trojan-activity;sid:83916805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.237.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053704/; classtype:trojan-activity;sid:83916804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.219.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053702/; classtype:trojan-activity;sid:83916802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.133.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053703/; classtype:trojan-activity;sid:83916803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.129.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053701/; classtype:trojan-activity;sid:83916801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.222.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053700/; classtype:trojan-activity;sid:83916800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053698/; classtype:trojan-activity;sid:83916798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053699/; classtype:trojan-activity;sid:83916799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.15.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053697/; classtype:trojan-activity;sid:83916797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053696/; classtype:trojan-activity;sid:83916796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.111.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053695/; classtype:trojan-activity;sid:83916795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.194.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053694/; classtype:trojan-activity;sid:83916794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.155.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053693/; classtype:trojan-activity;sid:83916793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.75.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053690/; classtype:trojan-activity;sid:83916790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.225.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053691/; classtype:trojan-activity;sid:83916791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053692/; classtype:trojan-activity;sid:83916792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.228.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053689/; classtype:trojan-activity;sid:83916789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053688/; classtype:trojan-activity;sid:83916788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053687/; classtype:trojan-activity;sid:83916787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053686/; classtype:trojan-activity;sid:83916786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.242.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053685/; classtype:trojan-activity;sid:83916785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053684/; classtype:trojan-activity;sid:83916784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053683/; classtype:trojan-activity;sid:83916783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.193.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053682/; classtype:trojan-activity;sid:83916782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.28.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053681/; classtype:trojan-activity;sid:83916781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.120.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053680/; classtype:trojan-activity;sid:83916780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.149.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053679/; classtype:trojan-activity;sid:83916779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.126.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053678/; classtype:trojan-activity;sid:83916778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.230.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053677/; classtype:trojan-activity;sid:83916777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053676/; classtype:trojan-activity;sid:83916776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.122.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053675/; classtype:trojan-activity;sid:83916775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053673/; classtype:trojan-activity;sid:83916773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053674/; classtype:trojan-activity;sid:83916774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.35.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053670/; classtype:trojan-activity;sid:83916770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.154.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053671/; classtype:trojan-activity;sid:83916771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053672/; classtype:trojan-activity;sid:83916772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.217.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053667/; classtype:trojan-activity;sid:83916767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.89.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053668/; classtype:trojan-activity;sid:83916768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.35.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053669/; classtype:trojan-activity;sid:83916769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.97.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053666/; classtype:trojan-activity;sid:83916766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.40.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053665/; classtype:trojan-activity;sid:83916765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.121.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053664/; classtype:trojan-activity;sid:83916764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053663/; classtype:trojan-activity;sid:83916763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.219.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053662/; classtype:trojan-activity;sid:83916762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.56.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053660/; classtype:trojan-activity;sid:83916760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.133.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053661/; classtype:trojan-activity;sid:83916761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.140.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053659/; classtype:trojan-activity;sid:83916759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.26.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053658/; classtype:trojan-activity;sid:83916758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.111.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053657/; classtype:trojan-activity;sid:83916757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.105.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053656/; classtype:trojan-activity;sid:83916756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053655/; classtype:trojan-activity;sid:83916755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.75.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053654/; classtype:trojan-activity;sid:83916754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.208.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053652/; classtype:trojan-activity;sid:83916752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.6.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053653/; classtype:trojan-activity;sid:83916753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053651/; classtype:trojan-activity;sid:83916751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.242.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053650/; classtype:trojan-activity;sid:83916750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.37.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053649/; classtype:trojan-activity;sid:83916749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053648/; classtype:trojan-activity;sid:83916748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.184.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053647/; classtype:trojan-activity;sid:83916747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053646)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gcu.pages.microcloud360.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053646/; classtype:trojan-activity;sid:83916746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053645)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/gold.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053645/; classtype:trojan-activity;sid:83916745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.220.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053644/; classtype:trojan-activity;sid:83916744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053643/; classtype:trojan-activity;sid:83916743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.67.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053642/; classtype:trojan-activity;sid:83916742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.191.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053641/; classtype:trojan-activity;sid:83916741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.5.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053640/; classtype:trojan-activity;sid:83916740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053639/; classtype:trojan-activity;sid:83916739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.126.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053638/; classtype:trojan-activity;sid:83916738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.121.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053637/; classtype:trojan-activity;sid:83916737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053636/; classtype:trojan-activity;sid:83916736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.23.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053634/; classtype:trojan-activity;sid:83916734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053635/; classtype:trojan-activity;sid:83916735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053632/; classtype:trojan-activity;sid:83916732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.91.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053633/; classtype:trojan-activity;sid:83916733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.219.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053631/; classtype:trojan-activity;sid:83916731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.89.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053630/; classtype:trojan-activity;sid:83916730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.229.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053629/; classtype:trojan-activity;sid:83916729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.225"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053628/; classtype:trojan-activity;sid:83916728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.178.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053627/; classtype:trojan-activity;sid:83916727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.130.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053626/; classtype:trojan-activity;sid:83916726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.228.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053625/; classtype:trojan-activity;sid:83916725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053623/; classtype:trojan-activity;sid:83916723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053624/; classtype:trojan-activity;sid:83916724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.182.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053622/; classtype:trojan-activity;sid:83916722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.140.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053621/; classtype:trojan-activity;sid:83916721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.228.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053620/; classtype:trojan-activity;sid:83916720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.255.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053618/; classtype:trojan-activity;sid:83916718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.146.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053619/; classtype:trojan-activity;sid:83916719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.99.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053617/; classtype:trojan-activity;sid:83916717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.174.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053616/; classtype:trojan-activity;sid:83916716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.68.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053615/; classtype:trojan-activity;sid:83916715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.171.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053614/; classtype:trojan-activity;sid:83916714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.154.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053613/; classtype:trojan-activity;sid:83916713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.40.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053612/; classtype:trojan-activity;sid:83916712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.105.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053611/; classtype:trojan-activity;sid:83916711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053610/; classtype:trojan-activity;sid:83916710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053607/; classtype:trojan-activity;sid:83916707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.191.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053608/; classtype:trojan-activity;sid:83916708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.117.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053609/; classtype:trojan-activity;sid:83916709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053606/; classtype:trojan-activity;sid:83916706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.37.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053605/; classtype:trojan-activity;sid:83916705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.197.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053603/; classtype:trojan-activity;sid:83916703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053604/; classtype:trojan-activity;sid:83916704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.200.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053602/; classtype:trojan-activity;sid:83916702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.228.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053601/; classtype:trojan-activity;sid:83916701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.244.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053600/; classtype:trojan-activity;sid:83916700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.224.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053599/; classtype:trojan-activity;sid:83916699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.5.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053598/; classtype:trojan-activity;sid:83916698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.192.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053597/; classtype:trojan-activity;sid:83916697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053596/; classtype:trojan-activity;sid:83916696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.219.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053595/; classtype:trojan-activity;sid:83916695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.178.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053594/; classtype:trojan-activity;sid:83916694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.118.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053593/; classtype:trojan-activity;sid:83916693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.86.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053592/; classtype:trojan-activity;sid:83916692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053591/; classtype:trojan-activity;sid:83916691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.197.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053590/; classtype:trojan-activity;sid:83916690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.130.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053589/; classtype:trojan-activity;sid:83916689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053588/; classtype:trojan-activity;sid:83916688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.89.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053587/; classtype:trojan-activity;sid:83916687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.182.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053585/; classtype:trojan-activity;sid:83916685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.117.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053586/; classtype:trojan-activity;sid:83916686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053584/; classtype:trojan-activity;sid:83916684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.39.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053583/; classtype:trojan-activity;sid:83916683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053582/; classtype:trojan-activity;sid:83916682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.89.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053581/; classtype:trojan-activity;sid:83916681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.217.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053580/; classtype:trojan-activity;sid:83916680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053579/; classtype:trojan-activity;sid:83916679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.102.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053578/; classtype:trojan-activity;sid:83916678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.13.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053577/; classtype:trojan-activity;sid:83916677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053576/; classtype:trojan-activity;sid:83916676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.98.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053575/; classtype:trojan-activity;sid:83916675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053574/; classtype:trojan-activity;sid:83916674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.20.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053571/; classtype:trojan-activity;sid:83916671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.136.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053572/; classtype:trojan-activity;sid:83916672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.218.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053573/; classtype:trojan-activity;sid:83916673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.24.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053570/; classtype:trojan-activity;sid:83916670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053569/; classtype:trojan-activity;sid:83916669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.138.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053568/; classtype:trojan-activity;sid:83916668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053567/; classtype:trojan-activity;sid:83916667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.1.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053566/; classtype:trojan-activity;sid:83916666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.94.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053565/; classtype:trojan-activity;sid:83916665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.98.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053564/; classtype:trojan-activity;sid:83916664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.130.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053563/; classtype:trojan-activity;sid:83916663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053561/; classtype:trojan-activity;sid:83916661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.39.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053562/; classtype:trojan-activity;sid:83916662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.71.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053560/; classtype:trojan-activity;sid:83916660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053559/; classtype:trojan-activity;sid:83916659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.143.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053558/; classtype:trojan-activity;sid:83916658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.84.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053556/; classtype:trojan-activity;sid:83916656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.121.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053557/; classtype:trojan-activity;sid:83916657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053555/; classtype:trojan-activity;sid:83916655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.217.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053554/; classtype:trojan-activity;sid:83916654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.13.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053553/; classtype:trojan-activity;sid:83916653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.139.196.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053552/; classtype:trojan-activity;sid:83916652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.158.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053550/; classtype:trojan-activity;sid:83916650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.18.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053551/; classtype:trojan-activity;sid:83916651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.25.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053549/; classtype:trojan-activity;sid:83916649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053548/; classtype:trojan-activity;sid:83916648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.214.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053545/; classtype:trojan-activity;sid:83916645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.146.233.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053546/; classtype:trojan-activity;sid:83916646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.51.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053547/; classtype:trojan-activity;sid:83916647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.88.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053543/; classtype:trojan-activity;sid:83916643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053544/; classtype:trojan-activity;sid:83916644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.145.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053542/; classtype:trojan-activity;sid:83916642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.206.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053541/; classtype:trojan-activity;sid:83916641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.102.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053540/; classtype:trojan-activity;sid:83916640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.224.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053539/; classtype:trojan-activity;sid:83916639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.24.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053538/; classtype:trojan-activity;sid:83916638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.20.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053536/; classtype:trojan-activity;sid:83916636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.156.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053537/; classtype:trojan-activity;sid:83916637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.222.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053535/; classtype:trojan-activity;sid:83916635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.162.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053534/; classtype:trojan-activity;sid:83916634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053533)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/svchost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053533/; classtype:trojan-activity;sid:83916633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053532)"; flow:established,from_client; content:"GET"; http_method; content:"/population.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.216.214.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053532/; classtype:trojan-activity;sid:83916632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053530)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/crypted777777.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.91.77.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053530/; classtype:trojan-activity;sid:83916630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.184.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053531/; classtype:trojan-activity;sid:83916631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.247.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053529/; classtype:trojan-activity;sid:83916629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.6.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053528/; classtype:trojan-activity;sid:83916628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.190.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053527/; classtype:trojan-activity;sid:83916627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.197.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053526/; classtype:trojan-activity;sid:83916626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.134.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053525/; classtype:trojan-activity;sid:83916625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.229.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053524/; classtype:trojan-activity;sid:83916624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.221.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053523/; classtype:trojan-activity;sid:83916623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.122.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053522/; classtype:trojan-activity;sid:83916622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.143.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053521/; classtype:trojan-activity;sid:83916621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053520/; classtype:trojan-activity;sid:83916620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.8.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053519/; classtype:trojan-activity;sid:83916619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.244.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053518/; classtype:trojan-activity;sid:83916618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.84.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053517/; classtype:trojan-activity;sid:83916617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053516/; classtype:trojan-activity;sid:83916616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.142.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053515/; classtype:trojan-activity;sid:83916615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.24.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053514/; classtype:trojan-activity;sid:83916614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.38.0.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053511/; classtype:trojan-activity;sid:83916611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.67.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053512/; classtype:trojan-activity;sid:83916612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.127.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053513/; classtype:trojan-activity;sid:83916613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.132.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053510/; classtype:trojan-activity;sid:83916610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053508/; classtype:trojan-activity;sid:83916608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.248.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053509/; classtype:trojan-activity;sid:83916609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.245.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053507/; classtype:trojan-activity;sid:83916607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053506/; classtype:trojan-activity;sid:83916606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053505/; classtype:trojan-activity;sid:83916605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.187.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053503/; classtype:trojan-activity;sid:83916603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.36.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053504/; classtype:trojan-activity;sid:83916604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.145.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053501/; classtype:trojan-activity;sid:83916601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053502/; classtype:trojan-activity;sid:83916602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.224.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053499/; classtype:trojan-activity;sid:83916599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.88.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053500/; classtype:trojan-activity;sid:83916600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.103.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053498/; classtype:trojan-activity;sid:83916598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.51.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053497/; classtype:trojan-activity;sid:83916597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.189.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053496/; classtype:trojan-activity;sid:83916596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053495/; classtype:trojan-activity;sid:83916595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_20; reference:url, urlhaus.abuse.ch/url/3053494/; classtype:trojan-activity;sid:83916594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.244.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053493/; classtype:trojan-activity;sid:83916593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.222.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053492/; classtype:trojan-activity;sid:83916592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.156.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053491/; classtype:trojan-activity;sid:83916591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.184.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053490/; classtype:trojan-activity;sid:83916590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.210.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053489/; classtype:trojan-activity;sid:83916589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.152.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053488/; classtype:trojan-activity;sid:83916588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.247.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053487/; classtype:trojan-activity;sid:83916587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.254.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053486/; classtype:trojan-activity;sid:83916586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.6.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053485/; classtype:trojan-activity;sid:83916585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.122.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053484/; classtype:trojan-activity;sid:83916584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.243.251.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053483/; classtype:trojan-activity;sid:83916583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.108.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053482/; classtype:trojan-activity;sid:83916582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053481/; classtype:trojan-activity;sid:83916581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053480/; classtype:trojan-activity;sid:83916580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.104.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053479/; classtype:trojan-activity;sid:83916579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.109.146.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053478/; classtype:trojan-activity;sid:83916578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.75.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053477/; classtype:trojan-activity;sid:83916577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.253.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053476/; classtype:trojan-activity;sid:83916576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.200.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053475/; classtype:trojan-activity;sid:83916575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053472)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/g245x.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053472/; classtype:trojan-activity;sid:83916572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053473)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/files.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053473/; classtype:trojan-activity;sid:83916573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053474)"; flow:established,from_client; content:"GET"; http_method; content:"/selectex-file-host/34v3vz.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.196.10.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053474/; classtype:trojan-activity;sid:83916574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.205.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053471/; classtype:trojan-activity;sid:83916571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053470/; classtype:trojan-activity;sid:83916570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.60.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053469/; classtype:trojan-activity;sid:83916569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.85.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053466/; classtype:trojan-activity;sid:83916566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.123.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053467/; classtype:trojan-activity;sid:83916567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.225.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053468/; classtype:trojan-activity;sid:83916568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.189.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053465/; classtype:trojan-activity;sid:83916565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.245.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053464/; classtype:trojan-activity;sid:83916564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.249.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053463/; classtype:trojan-activity;sid:83916563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053462/; classtype:trojan-activity;sid:83916562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.89.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053461/; classtype:trojan-activity;sid:83916561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.10.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053460/; classtype:trojan-activity;sid:83916560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.118.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053459/; classtype:trojan-activity;sid:83916559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053458/; classtype:trojan-activity;sid:83916558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053456/; classtype:trojan-activity;sid:83916556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.108.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053457/; classtype:trojan-activity;sid:83916557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053455/; classtype:trojan-activity;sid:83916555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053454/; classtype:trojan-activity;sid:83916554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.49.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053452/; classtype:trojan-activity;sid:83916552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.253.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053453/; classtype:trojan-activity;sid:83916553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.122.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053451/; classtype:trojan-activity;sid:83916551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.10.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053450/; classtype:trojan-activity;sid:83916550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.104.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053449/; classtype:trojan-activity;sid:83916549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.196.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053448/; classtype:trojan-activity;sid:83916548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.246.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053447/; classtype:trojan-activity;sid:83916547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.108.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053446/; classtype:trojan-activity;sid:83916546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.70.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053445/; classtype:trojan-activity;sid:83916545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.75.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053444/; classtype:trojan-activity;sid:83916544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.43.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053443/; classtype:trojan-activity;sid:83916543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.60.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053442/; classtype:trojan-activity;sid:83916542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.225.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053441/; classtype:trojan-activity;sid:83916541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053440/; classtype:trojan-activity;sid:83916540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.116.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053439/; classtype:trojan-activity;sid:83916539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.243.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053438/; classtype:trojan-activity;sid:83916538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.94.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053434/; classtype:trojan-activity;sid:83916534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053435/; classtype:trojan-activity;sid:83916535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.92.234"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053436/; classtype:trojan-activity;sid:83916536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.87.19"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053437/; classtype:trojan-activity;sid:83916537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.209.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053433/; classtype:trojan-activity;sid:83916533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.231.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053432/; classtype:trojan-activity;sid:83916532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.123.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053431/; classtype:trojan-activity;sid:83916531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053430)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mellat.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"go9niapp.buzz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053430/; classtype:trojan-activity;sid:83916530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.120.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053429/; classtype:trojan-activity;sid:83916529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.85.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053428/; classtype:trojan-activity;sid:83916528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053427/; classtype:trojan-activity;sid:83916527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053425/; classtype:trojan-activity;sid:83916525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053426/; classtype:trojan-activity;sid:83916526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.159.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053424/; classtype:trojan-activity;sid:83916524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053422)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melappop9.buzz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053422/; classtype:trojan-activity;sid:83916522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053423)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melapphi4.buzz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053423/; classtype:trojan-activity;sid:83916523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053421)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melappil8.buzz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053421/; classtype:trojan-activity;sid:83916521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053420)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melappna7.buzz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053420/; classtype:trojan-activity;sid:83916520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.108.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053419/; classtype:trojan-activity;sid:83916519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053418/; classtype:trojan-activity;sid:83916518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.6.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053417/; classtype:trojan-activity;sid:83916517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.49.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053416/; classtype:trojan-activity;sid:83916516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053415/; classtype:trojan-activity;sid:83916515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.184.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053414/; classtype:trojan-activity;sid:83916514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053413/; classtype:trojan-activity;sid:83916513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.43.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053412/; classtype:trojan-activity;sid:83916512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.111.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053411/; classtype:trojan-activity;sid:83916511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.48.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053405/; classtype:trojan-activity;sid:83916505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053404)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melappki3.buzz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053404/; classtype:trojan-activity;sid:83916504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053403)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melapp10.buzz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053403/; classtype:trojan-activity;sid:83916503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053400)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melappli5.buzz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053400/; classtype:trojan-activity;sid:83916500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053401/; classtype:trojan-activity;sid:83916501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.181.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053402/; classtype:trojan-activity;sid:83916502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053399)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melappie2.buzz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053399/; classtype:trojan-activity;sid:83916499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053398)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melappsi1.buzz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053398/; classtype:trojan-activity;sid:83916498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.62.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053397/; classtype:trojan-activity;sid:83916497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.216.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053396/; classtype:trojan-activity;sid:83916496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.148.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053395/; classtype:trojan-activity;sid:83916495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.164.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053394/; classtype:trojan-activity;sid:83916494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.89.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053393/; classtype:trojan-activity;sid:83916493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.55.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053392/; classtype:trojan-activity;sid:83916492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.231.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053391/; classtype:trojan-activity;sid:83916491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053390)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"melapple6.buzz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053390/; classtype:trojan-activity;sid:83916490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053389/; classtype:trojan-activity;sid:83916489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.159.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053387/; classtype:trojan-activity;sid:83916487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.15.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053388/; classtype:trojan-activity;sid:83916488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.229.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053386/; classtype:trojan-activity;sid:83916486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.129.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053385/; classtype:trojan-activity;sid:83916485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.174.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053384/; classtype:trojan-activity;sid:83916484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.6.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053383/; classtype:trojan-activity;sid:83916483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.111.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053382/; classtype:trojan-activity;sid:83916482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.29.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053381/; classtype:trojan-activity;sid:83916481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.65.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053380/; classtype:trojan-activity;sid:83916480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.115.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053379/; classtype:trojan-activity;sid:83916479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.161.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053378/; classtype:trojan-activity;sid:83916478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.235.118.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053376/; classtype:trojan-activity;sid:83916476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.102.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053377/; classtype:trojan-activity;sid:83916477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.222.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053375/; classtype:trojan-activity;sid:83916475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053374/; classtype:trojan-activity;sid:83916474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.82.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053373/; classtype:trojan-activity;sid:83916473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053372/; classtype:trojan-activity;sid:83916472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.246.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053371/; classtype:trojan-activity;sid:83916471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.138.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053370/; classtype:trojan-activity;sid:83916470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.14.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053369/; classtype:trojan-activity;sid:83916469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.13.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053368/; classtype:trojan-activity;sid:83916468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.148.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053367/; classtype:trojan-activity;sid:83916467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.1.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053366/; classtype:trojan-activity;sid:83916466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.143.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053365/; classtype:trojan-activity;sid:83916465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.16.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053364/; classtype:trojan-activity;sid:83916464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053363/; classtype:trojan-activity;sid:83916463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.243.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053362/; classtype:trojan-activity;sid:83916462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.129.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053361/; classtype:trojan-activity;sid:83916461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.124.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053360/; classtype:trojan-activity;sid:83916460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.13.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053359/; classtype:trojan-activity;sid:83916459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.239.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053358/; classtype:trojan-activity;sid:83916458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.227.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053356/; classtype:trojan-activity;sid:83916456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.192.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053357/; classtype:trojan-activity;sid:83916457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.164.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053355/; classtype:trojan-activity;sid:83916455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.52.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053354/; classtype:trojan-activity;sid:83916454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.174.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053353/; classtype:trojan-activity;sid:83916453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053352/; classtype:trojan-activity;sid:83916452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.29.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053351/; classtype:trojan-activity;sid:83916451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.34.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053350/; classtype:trojan-activity;sid:83916450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.84.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053349/; classtype:trojan-activity;sid:83916449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.209.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053348/; classtype:trojan-activity;sid:83916448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.58.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053347/; classtype:trojan-activity;sid:83916447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.153.109.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053345/; classtype:trojan-activity;sid:83916445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.197.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053346/; classtype:trojan-activity;sid:83916446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.178.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053344/; classtype:trojan-activity;sid:83916444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.65.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053343/; classtype:trojan-activity;sid:83916443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.174.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053342/; classtype:trojan-activity;sid:83916442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.239.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053341/; classtype:trojan-activity;sid:83916441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.48.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053340/; classtype:trojan-activity;sid:83916440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.201.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053339/; classtype:trojan-activity;sid:83916439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053338/; classtype:trojan-activity;sid:83916438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.1.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053336/; classtype:trojan-activity;sid:83916436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.149.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053337/; classtype:trojan-activity;sid:83916437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053335/; classtype:trojan-activity;sid:83916435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.227.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053334/; classtype:trojan-activity;sid:83916434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.62.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053333/; classtype:trojan-activity;sid:83916433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.26.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053332/; classtype:trojan-activity;sid:83916432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.220.162.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053331/; classtype:trojan-activity;sid:83916431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.45.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053330/; classtype:trojan-activity;sid:83916430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053327/; classtype:trojan-activity;sid:83916427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.22.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053328/; classtype:trojan-activity;sid:83916428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.221.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053329/; classtype:trojan-activity;sid:83916429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053325/; classtype:trojan-activity;sid:83916425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053326/; classtype:trojan-activity;sid:83916426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.124.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053324/; classtype:trojan-activity;sid:83916424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.243.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053323/; classtype:trojan-activity;sid:83916423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.19.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053322/; classtype:trojan-activity;sid:83916422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053320/; classtype:trojan-activity;sid:83916420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.217.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053321/; classtype:trojan-activity;sid:83916421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.170.201.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053319/; classtype:trojan-activity;sid:83916419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053318/; classtype:trojan-activity;sid:83916418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.194.55.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053317/; classtype:trojan-activity;sid:83916417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.66.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053316/; classtype:trojan-activity;sid:83916416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053315/; classtype:trojan-activity;sid:83916415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.0.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053314/; classtype:trojan-activity;sid:83916414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053313/; classtype:trojan-activity;sid:83916413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.58.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053312/; classtype:trojan-activity;sid:83916412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.79.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053311/; classtype:trojan-activity;sid:83916411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.251.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053310/; classtype:trojan-activity;sid:83916410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053309/; classtype:trojan-activity;sid:83916409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.211.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053308/; classtype:trojan-activity;sid:83916408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.103.213.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053307/; classtype:trojan-activity;sid:83916407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053306/; classtype:trojan-activity;sid:83916406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.9.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053305/; classtype:trojan-activity;sid:83916405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.44.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053304/; classtype:trojan-activity;sid:83916404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053303/; classtype:trojan-activity;sid:83916403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.243.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053302/; classtype:trojan-activity;sid:83916402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.176.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053301/; classtype:trojan-activity;sid:83916401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.139.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053300/; classtype:trojan-activity;sid:83916400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.133.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053299/; classtype:trojan-activity;sid:83916399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.221.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053298/; classtype:trojan-activity;sid:83916398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053297/; classtype:trojan-activity;sid:83916397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.86.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053296/; classtype:trojan-activity;sid:83916396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.184"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053295/; classtype:trojan-activity;sid:83916395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.23.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053293/; classtype:trojan-activity;sid:83916393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053294/; classtype:trojan-activity;sid:83916394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053292/; classtype:trojan-activity;sid:83916392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.29.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053291/; classtype:trojan-activity;sid:83916391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.192.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053290/; classtype:trojan-activity;sid:83916390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053289/; classtype:trojan-activity;sid:83916389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.173.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053288/; classtype:trojan-activity;sid:83916388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.161.8.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053286/; classtype:trojan-activity;sid:83916386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053287/; classtype:trojan-activity;sid:83916387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.99.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053285/; classtype:trojan-activity;sid:83916385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.199.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053284/; classtype:trojan-activity;sid:83916384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.254.205.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053283/; classtype:trojan-activity;sid:83916383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.206.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053282/; classtype:trojan-activity;sid:83916382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.39.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053281/; classtype:trojan-activity;sid:83916381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.0.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053280/; classtype:trojan-activity;sid:83916380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.176.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053279/; classtype:trojan-activity;sid:83916379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.66.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053278/; classtype:trojan-activity;sid:83916378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.128.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053277/; classtype:trojan-activity;sid:83916377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.79.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053276/; classtype:trojan-activity;sid:83916376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053275/; classtype:trojan-activity;sid:83916375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.130.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053274/; classtype:trojan-activity;sid:83916374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.250.167.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053272/; classtype:trojan-activity;sid:83916372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.149.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053273/; classtype:trojan-activity;sid:83916373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053270/; classtype:trojan-activity;sid:83916370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053271/; classtype:trojan-activity;sid:83916371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053269/; classtype:trojan-activity;sid:83916369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.4.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053268/; classtype:trojan-activity;sid:83916368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053267/; classtype:trojan-activity;sid:83916367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.96.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053266/; classtype:trojan-activity;sid:83916366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.103.213.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053265/; classtype:trojan-activity;sid:83916365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.242.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053264/; classtype:trojan-activity;sid:83916364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.161.8.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053263/; classtype:trojan-activity;sid:83916363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.26.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053262/; classtype:trojan-activity;sid:83916362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053261/; classtype:trojan-activity;sid:83916361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.20.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053260/; classtype:trojan-activity;sid:83916360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.99.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053259/; classtype:trojan-activity;sid:83916359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.24.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053257/; classtype:trojan-activity;sid:83916357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.21.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053258/; classtype:trojan-activity;sid:83916358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.177.180.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053256/; classtype:trojan-activity;sid:83916356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.117.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053255/; classtype:trojan-activity;sid:83916355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.177.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053253/; classtype:trojan-activity;sid:83916353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053254/; classtype:trojan-activity;sid:83916354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.244.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053252/; classtype:trojan-activity;sid:83916352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.243.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053251/; classtype:trojan-activity;sid:83916351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.202.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053250/; classtype:trojan-activity;sid:83916350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.175.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053249/; classtype:trojan-activity;sid:83916349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.21.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053248/; classtype:trojan-activity;sid:83916348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.255.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053247/; classtype:trojan-activity;sid:83916347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.141.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053244/; classtype:trojan-activity;sid:83916344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.22.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053245/; classtype:trojan-activity;sid:83916345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.37.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053246/; classtype:trojan-activity;sid:83916346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053243/; classtype:trojan-activity;sid:83916343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.17.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053242/; classtype:trojan-activity;sid:83916342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.149.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053241/; classtype:trojan-activity;sid:83916341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.209.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053240/; classtype:trojan-activity;sid:83916340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.186.242.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053239/; classtype:trojan-activity;sid:83916339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.2.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053238/; classtype:trojan-activity;sid:83916338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.204.126.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053237/; classtype:trojan-activity;sid:83916337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.76.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053236/; classtype:trojan-activity;sid:83916336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.123.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053235/; classtype:trojan-activity;sid:83916335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.159.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053234/; classtype:trojan-activity;sid:83916334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053233/; classtype:trojan-activity;sid:83916333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053232/; classtype:trojan-activity;sid:83916332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.26.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053231/; classtype:trojan-activity;sid:83916331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.104.221.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053229/; classtype:trojan-activity;sid:83916329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.87.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053230/; classtype:trojan-activity;sid:83916330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.179.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053228/; classtype:trojan-activity;sid:83916328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.181.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053226/; classtype:trojan-activity;sid:83916326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053227/; classtype:trojan-activity;sid:83916327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.93.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053225/; classtype:trojan-activity;sid:83916325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.155.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053224/; classtype:trojan-activity;sid:83916324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.59.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053223/; classtype:trojan-activity;sid:83916323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.149.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053222/; classtype:trojan-activity;sid:83916322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.159.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053221/; classtype:trojan-activity;sid:83916321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.33.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053220/; classtype:trojan-activity;sid:83916320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053219/; classtype:trojan-activity;sid:83916319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.44.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053218/; classtype:trojan-activity;sid:83916318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.78.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053217/; classtype:trojan-activity;sid:83916317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.255.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053215/; classtype:trojan-activity;sid:83916315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.124.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053216/; classtype:trojan-activity;sid:83916316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.123.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053214/; classtype:trojan-activity;sid:83916314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053213/; classtype:trojan-activity;sid:83916313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.10.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053212/; classtype:trojan-activity;sid:83916312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.123.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053211/; classtype:trojan-activity;sid:83916311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.199.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053210/; classtype:trojan-activity;sid:83916310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.27.234"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053209/; classtype:trojan-activity;sid:83916309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.243.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053208/; classtype:trojan-activity;sid:83916308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.104.221.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053207/; classtype:trojan-activity;sid:83916307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053206/; classtype:trojan-activity;sid:83916306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.248.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053204/; classtype:trojan-activity;sid:83916304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.26.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053205/; classtype:trojan-activity;sid:83916305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.181.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053203/; classtype:trojan-activity;sid:83916303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053202/; classtype:trojan-activity;sid:83916302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053201/; classtype:trojan-activity;sid:83916301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053200/; classtype:trojan-activity;sid:83916300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053199/; classtype:trojan-activity;sid:83916299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.81.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053197/; classtype:trojan-activity;sid:83916297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.42.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053198/; classtype:trojan-activity;sid:83916298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.44.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053196/; classtype:trojan-activity;sid:83916296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.149.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053195/; classtype:trojan-activity;sid:83916295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.184.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053194/; classtype:trojan-activity;sid:83916294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.207.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053193/; classtype:trojan-activity;sid:83916293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.207.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053192/; classtype:trojan-activity;sid:83916292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.1.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053191/; classtype:trojan-activity;sid:83916291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053190/; classtype:trojan-activity;sid:83916290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053189/; classtype:trojan-activity;sid:83916289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.81.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053188/; classtype:trojan-activity;sid:83916288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053187/; classtype:trojan-activity;sid:83916287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.114.84.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053186/; classtype:trojan-activity;sid:83916286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053185/; classtype:trojan-activity;sid:83916285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053184/; classtype:trojan-activity;sid:83916284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053183/; classtype:trojan-activity;sid:83916283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053182/; classtype:trojan-activity;sid:83916282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.231.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053181/; classtype:trojan-activity;sid:83916281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.10.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053180/; classtype:trojan-activity;sid:83916280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053177/; classtype:trojan-activity;sid:83916277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.1.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053178/; classtype:trojan-activity;sid:83916278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.108.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053179/; classtype:trojan-activity;sid:83916279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053176/; classtype:trojan-activity;sid:83916276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.71.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053175/; classtype:trojan-activity;sid:83916275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.1.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053174/; classtype:trojan-activity;sid:83916274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.73.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053173/; classtype:trojan-activity;sid:83916273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.118.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053172/; classtype:trojan-activity;sid:83916272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.248.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053171/; classtype:trojan-activity;sid:83916271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.76.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053170/; classtype:trojan-activity;sid:83916270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.207.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053169/; classtype:trojan-activity;sid:83916269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053168/; classtype:trojan-activity;sid:83916268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053167/; classtype:trojan-activity;sid:83916267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.45.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053165/; classtype:trojan-activity;sid:83916265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053166/; classtype:trojan-activity;sid:83916266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053164/; classtype:trojan-activity;sid:83916264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.192.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053163/; classtype:trojan-activity;sid:83916263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053162/; classtype:trojan-activity;sid:83916262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053161/; classtype:trojan-activity;sid:83916261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053160/; classtype:trojan-activity;sid:83916260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.118.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053159/; classtype:trojan-activity;sid:83916259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053158/; classtype:trojan-activity;sid:83916258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.99.128.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053157/; classtype:trojan-activity;sid:83916257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053155/; classtype:trojan-activity;sid:83916255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.148.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053156/; classtype:trojan-activity;sid:83916256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053154/; classtype:trojan-activity;sid:83916254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.194.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053153/; classtype:trojan-activity;sid:83916253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.233.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053152/; classtype:trojan-activity;sid:83916252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.73.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053151/; classtype:trojan-activity;sid:83916251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.76.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053150/; classtype:trojan-activity;sid:83916250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.163.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053149/; classtype:trojan-activity;sid:83916249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.136.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053148/; classtype:trojan-activity;sid:83916248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.209.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053147/; classtype:trojan-activity;sid:83916247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053146/; classtype:trojan-activity;sid:83916246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.183.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053145/; classtype:trojan-activity;sid:83916245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053144/; classtype:trojan-activity;sid:83916244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053143/; classtype:trojan-activity;sid:83916243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.81.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053142/; classtype:trojan-activity;sid:83916242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.29.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053141/; classtype:trojan-activity;sid:83916241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.155.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053140/; classtype:trojan-activity;sid:83916240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053139/; classtype:trojan-activity;sid:83916239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.155.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053137/; classtype:trojan-activity;sid:83916237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.118.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053138/; classtype:trojan-activity;sid:83916238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.199.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053136/; classtype:trojan-activity;sid:83916236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053135/; classtype:trojan-activity;sid:83916235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.29.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053134/; classtype:trojan-activity;sid:83916234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053133/; classtype:trojan-activity;sid:83916233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053132/; classtype:trojan-activity;sid:83916232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.73.172"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053131/; classtype:trojan-activity;sid:83916231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053130/; classtype:trojan-activity;sid:83916230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.93.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053126/; classtype:trojan-activity;sid:83916226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.97.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053127/; classtype:trojan-activity;sid:83916227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.32.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053128/; classtype:trojan-activity;sid:83916228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.155.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053129/; classtype:trojan-activity;sid:83916229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.65.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053125/; classtype:trojan-activity;sid:83916225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.139.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053124/; classtype:trojan-activity;sid:83916224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.170.201.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053123/; classtype:trojan-activity;sid:83916223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053122/; classtype:trojan-activity;sid:83916222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.32.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053121/; classtype:trojan-activity;sid:83916221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053120/; classtype:trojan-activity;sid:83916220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.114.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053119/; classtype:trojan-activity;sid:83916219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.121.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053118/; classtype:trojan-activity;sid:83916218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.27.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053117/; classtype:trojan-activity;sid:83916217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.170.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053116/; classtype:trojan-activity;sid:83916216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.163.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053115/; classtype:trojan-activity;sid:83916215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053114)"; flow:established,from_client; content:"GET"; http_method; content:"/api/kysc/psscript"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.251.161.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053114/; classtype:trojan-activity;sid:83916214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.130.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053113/; classtype:trojan-activity;sid:83916213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053112/; classtype:trojan-activity;sid:83916212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053111/; classtype:trojan-activity;sid:83916211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053110/; classtype:trojan-activity;sid:83916210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.58.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053109/; classtype:trojan-activity;sid:83916209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.213.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053108/; classtype:trojan-activity;sid:83916208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053107/; classtype:trojan-activity;sid:83916207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.114.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053106/; classtype:trojan-activity;sid:83916206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053105/; classtype:trojan-activity;sid:83916205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.79.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053104/; classtype:trojan-activity;sid:83916204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.37.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053103/; classtype:trojan-activity;sid:83916203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.236.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053102/; classtype:trojan-activity;sid:83916202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.13.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053098/; classtype:trojan-activity;sid:83916198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.5.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053099/; classtype:trojan-activity;sid:83916199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.105.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053100/; classtype:trojan-activity;sid:83916200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.185.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053101/; classtype:trojan-activity;sid:83916201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.214.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053097/; classtype:trojan-activity;sid:83916197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.27.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053096/; classtype:trojan-activity;sid:83916196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.121.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053095/; classtype:trojan-activity;sid:83916195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.125.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053094/; classtype:trojan-activity;sid:83916194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053093/; classtype:trojan-activity;sid:83916193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.147.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053092/; classtype:trojan-activity;sid:83916192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.81.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053091/; classtype:trojan-activity;sid:83916191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.62.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053090/; classtype:trojan-activity;sid:83916190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053088/; classtype:trojan-activity;sid:83916188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.213.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053089/; classtype:trojan-activity;sid:83916189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053087/; classtype:trojan-activity;sid:83916187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.20.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053086/; classtype:trojan-activity;sid:83916186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053085/; classtype:trojan-activity;sid:83916185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053084/; classtype:trojan-activity;sid:83916184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.6.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053083/; classtype:trojan-activity;sid:83916183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.39.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053082/; classtype:trojan-activity;sid:83916182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053081/; classtype:trojan-activity;sid:83916181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.23.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053080/; classtype:trojan-activity;sid:83916180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.178.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053079/; classtype:trojan-activity;sid:83916179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.37.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053076/; classtype:trojan-activity;sid:83916176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.237.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053077/; classtype:trojan-activity;sid:83916177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.142.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053078/; classtype:trojan-activity;sid:83916178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053075/; classtype:trojan-activity;sid:83916175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.20.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053074/; classtype:trojan-activity;sid:83916174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053073/; classtype:trojan-activity;sid:83916173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.24.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053072/; classtype:trojan-activity;sid:83916172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.139.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053071/; classtype:trojan-activity;sid:83916171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.111.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053070/; classtype:trojan-activity;sid:83916170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.33.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053069/; classtype:trojan-activity;sid:83916169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053068)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"abp.fans.smalladventureguide.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053068/; classtype:trojan-activity;sid:83916168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053067/; classtype:trojan-activity;sid:83916167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.2.46.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053066/; classtype:trojan-activity;sid:83916166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.227.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053065/; classtype:trojan-activity;sid:83916165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053064/; classtype:trojan-activity;sid:83916164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.46.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053063/; classtype:trojan-activity;sid:83916163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053062/; classtype:trojan-activity;sid:83916162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.249.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053061/; classtype:trojan-activity;sid:83916161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.24.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053060/; classtype:trojan-activity;sid:83916160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.205.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053059/; classtype:trojan-activity;sid:83916159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.54.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053058/; classtype:trojan-activity;sid:83916158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.244.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053057/; classtype:trojan-activity;sid:83916157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.215.4.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053056/; classtype:trojan-activity;sid:83916156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.87.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053055/; classtype:trojan-activity;sid:83916155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.142.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053054/; classtype:trojan-activity;sid:83916154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053053)"; flow:established,from_client; content:"GET"; http_method; content:"/employee.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.31.116.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053053/; classtype:trojan-activity;sid:83916153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053052)"; flow:established,from_client; content:"GET"; http_method; content:"/employee.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.onlinesupportforroad.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053052/; classtype:trojan-activity;sid:83916152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053048)"; flow:established,from_client; content:"GET"; http_method; content:"/psi.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.31.116.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053048/; classtype:trojan-activity;sid:83916148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053049)"; flow:established,from_client; content:"GET"; http_method; content:"/psi.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.31.116.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053049/; classtype:trojan-activity;sid:83916149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053050)"; flow:established,from_client; content:"GET"; http_method; content:"/psi.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.onlinesupportforroad.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053050/; classtype:trojan-activity;sid:83916150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053051)"; flow:established,from_client; content:"GET"; http_method; content:"/psi.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.onlinesupportforroad.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053051/; classtype:trojan-activity;sid:83916151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.10.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053047/; classtype:trojan-activity;sid:83916147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053046)"; flow:established,from_client; content:"GET"; http_method; content:"/employee.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.onlinesupportforroad.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053046/; classtype:trojan-activity;sid:83916146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.244.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053045/; classtype:trojan-activity;sid:83916145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.237.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053044/; classtype:trojan-activity;sid:83916144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.15.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053043/; classtype:trojan-activity;sid:83916143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.197.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053042/; classtype:trojan-activity;sid:83916142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.87.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053041/; classtype:trojan-activity;sid:83916141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.211.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053040/; classtype:trojan-activity;sid:83916140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.72.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053039/; classtype:trojan-activity;sid:83916139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.54.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053038/; classtype:trojan-activity;sid:83916138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.227.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053037/; classtype:trojan-activity;sid:83916137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.211.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053036/; classtype:trojan-activity;sid:83916136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.211.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053035/; classtype:trojan-activity;sid:83916135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.217.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053034/; classtype:trojan-activity;sid:83916134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.21.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053033/; classtype:trojan-activity;sid:83916133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.223.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053032/; classtype:trojan-activity;sid:83916132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.18.1"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053031/; classtype:trojan-activity;sid:83916131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053030/; classtype:trojan-activity;sid:83916130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.209.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053028/; classtype:trojan-activity;sid:83916128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053029/; classtype:trojan-activity;sid:83916129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.171.87.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053027/; classtype:trojan-activity;sid:83916127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.95.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053026/; classtype:trojan-activity;sid:83916126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.94.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053025/; classtype:trojan-activity;sid:83916125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.212.142.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053024/; classtype:trojan-activity;sid:83916124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.3.37"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053023/; classtype:trojan-activity;sid:83916123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.19.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053022/; classtype:trojan-activity;sid:83916122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.9.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053021/; classtype:trojan-activity;sid:83916121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.151.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053020/; classtype:trojan-activity;sid:83916120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053019)"; flow:established,from_client; content:"GET"; http_method; content:"/ib4.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.216.70.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053019/; classtype:trojan-activity;sid:83916119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.185.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053018/; classtype:trojan-activity;sid:83916118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053017)"; flow:established,from_client; content:"GET"; http_method; content:"/employee.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.31.116.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053017/; classtype:trojan-activity;sid:83916117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.30.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053016/; classtype:trojan-activity;sid:83916116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053014)"; flow:established,from_client; content:"GET"; http_method; content:"/1002.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.199.101.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053014/; classtype:trojan-activity;sid:83916114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053015)"; flow:established,from_client; content:"GET"; http_method; content:"/laodpuuqwxlvfvqt.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.243.37.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053015/; classtype:trojan-activity;sid:83916115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053011)"; flow:established,from_client; content:"GET"; http_method; content:"/4ib.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.216.70.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053011/; classtype:trojan-activity;sid:83916111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053012)"; flow:established,from_client; content:"GET"; http_method; content:"//zohre.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.26.108.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053012/; classtype:trojan-activity;sid:83916112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.18.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053013/; classtype:trojan-activity;sid:83916113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053004)"; flow:established,from_client; content:"GET"; http_method; content:"/55n57.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.199.101.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053004/; classtype:trojan-activity;sid:83916104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053005)"; flow:established,from_client; content:"GET"; http_method; content:"//fsp.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.26.108.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053005/; classtype:trojan-activity;sid:83916105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053006)"; flow:established,from_client; content:"GET"; http_method; content:"/ant.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.216.70.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053006/; classtype:trojan-activity;sid:83916106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053007)"; flow:established,from_client; content:"GET"; http_method; content:"/i4.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.216.70.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053007/; classtype:trojan-activity;sid:83916107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053008)"; flow:established,from_client; content:"GET"; http_method; content:"/x.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.216.70.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053008/; classtype:trojan-activity;sid:83916108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053009)"; flow:established,from_client; content:"GET"; http_method; content:"/uzopuzbkrpcziwca.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.243.37.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053009/; classtype:trojan-activity;sid:83916109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053010)"; flow:established,from_client; content:"GET"; http_method; content:"/v.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.216.70.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053010/; classtype:trojan-activity;sid:83916110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.171.87.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053003/; classtype:trojan-activity;sid:83916103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.21.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053002/; classtype:trojan-activity;sid:83916102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053001/; classtype:trojan-activity;sid:83916101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3053000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.94.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3053000/; classtype:trojan-activity;sid:83916100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.248.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052999/; classtype:trojan-activity;sid:83916099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.111.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052998/; classtype:trojan-activity;sid:83916098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052997/; classtype:trojan-activity;sid:83916097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052996/; classtype:trojan-activity;sid:83916096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.242.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052995/; classtype:trojan-activity;sid:83916095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.236.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052994/; classtype:trojan-activity;sid:83916094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052993/; classtype:trojan-activity;sid:83916093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.209.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052992/; classtype:trojan-activity;sid:83916092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.9.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052991/; classtype:trojan-activity;sid:83916091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.214.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052990/; classtype:trojan-activity;sid:83916090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052989/; classtype:trojan-activity;sid:83916089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052987/; classtype:trojan-activity;sid:83916087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052988/; classtype:trojan-activity;sid:83916088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052986/; classtype:trojan-activity;sid:83916086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.168.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052984/; classtype:trojan-activity;sid:83916084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.103.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052985/; classtype:trojan-activity;sid:83916085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.242.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052983/; classtype:trojan-activity;sid:83916083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.253.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052982/; classtype:trojan-activity;sid:83916082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.218.192.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052981/; classtype:trojan-activity;sid:83916081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.18.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052980/; classtype:trojan-activity;sid:83916080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.236.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052979/; classtype:trojan-activity;sid:83916079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.220.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052978/; classtype:trojan-activity;sid:83916078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.12.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052977/; classtype:trojan-activity;sid:83916077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052976/; classtype:trojan-activity;sid:83916076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.231.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052975/; classtype:trojan-activity;sid:83916075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.129.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052974/; classtype:trojan-activity;sid:83916074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.101.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052973/; classtype:trojan-activity;sid:83916073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.91.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052972/; classtype:trojan-activity;sid:83916072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052971/; classtype:trojan-activity;sid:83916071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.58.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052970/; classtype:trojan-activity;sid:83916070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052969/; classtype:trojan-activity;sid:83916069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.210.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052968/; classtype:trojan-activity;sid:83916068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.168.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052967/; classtype:trojan-activity;sid:83916067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.164.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052966/; classtype:trojan-activity;sid:83916066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.214.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052964/; classtype:trojan-activity;sid:83916064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052965/; classtype:trojan-activity;sid:83916065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.178.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052963/; classtype:trojan-activity;sid:83916063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.54.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052962/; classtype:trojan-activity;sid:83916062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.36.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052961/; classtype:trojan-activity;sid:83916061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.37"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052960/; classtype:trojan-activity;sid:83916060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.124.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052957/; classtype:trojan-activity;sid:83916057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052958/; classtype:trojan-activity;sid:83916058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052959/; classtype:trojan-activity;sid:83916059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.102.75.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052956/; classtype:trojan-activity;sid:83916056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.4.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052955/; classtype:trojan-activity;sid:83916055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.116.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052953/; classtype:trojan-activity;sid:83916053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.82.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052954/; classtype:trojan-activity;sid:83916054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052952/; classtype:trojan-activity;sid:83916052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052951/; classtype:trojan-activity;sid:83916051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.177.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052950/; classtype:trojan-activity;sid:83916050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.145.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052949/; classtype:trojan-activity;sid:83916049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.41.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052946/; classtype:trojan-activity;sid:83916046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.205.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052947/; classtype:trojan-activity;sid:83916047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.37.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052948/; classtype:trojan-activity;sid:83916048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.62.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052945/; classtype:trojan-activity;sid:83916045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052944/; classtype:trojan-activity;sid:83916044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.87.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052943/; classtype:trojan-activity;sid:83916043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.245.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052942/; classtype:trojan-activity;sid:83916042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052940/; classtype:trojan-activity;sid:83916040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.218.192.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052941/; classtype:trojan-activity;sid:83916041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.220.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052939/; classtype:trojan-activity;sid:83916039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.181.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052938/; classtype:trojan-activity;sid:83916038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.151.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052936/; classtype:trojan-activity;sid:83916036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.12.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052937/; classtype:trojan-activity;sid:83916037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.228.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052935/; classtype:trojan-activity;sid:83916035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.62.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052934/; classtype:trojan-activity;sid:83916034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052932/; classtype:trojan-activity;sid:83916032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.29.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052933/; classtype:trojan-activity;sid:83916033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.193.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052931/; classtype:trojan-activity;sid:83916031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.69.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052929/; classtype:trojan-activity;sid:83916029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.199.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052930/; classtype:trojan-activity;sid:83916030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.27.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052928/; classtype:trojan-activity;sid:83916028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052927/; classtype:trojan-activity;sid:83916027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.69.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052926/; classtype:trojan-activity;sid:83916026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.164.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052925/; classtype:trojan-activity;sid:83916025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.54.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052924/; classtype:trojan-activity;sid:83916024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.85.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052923/; classtype:trojan-activity;sid:83916023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.242.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052922/; classtype:trojan-activity;sid:83916022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052920/; classtype:trojan-activity;sid:83916020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.96.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052921/; classtype:trojan-activity;sid:83916021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.244.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052919/; classtype:trojan-activity;sid:83916019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.148.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052918/; classtype:trojan-activity;sid:83916018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.108.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052917/; classtype:trojan-activity;sid:83916017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.181.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052916/; classtype:trojan-activity;sid:83916016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.15.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052915/; classtype:trojan-activity;sid:83916015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.42.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052914/; classtype:trojan-activity;sid:83916014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052913/; classtype:trojan-activity;sid:83916013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.27.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052912/; classtype:trojan-activity;sid:83916012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.100.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052911/; classtype:trojan-activity;sid:83916011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.249.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052910/; classtype:trojan-activity;sid:83916010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.82.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052909/; classtype:trojan-activity;sid:83916009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052908/; classtype:trojan-activity;sid:83916008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.69.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052907/; classtype:trojan-activity;sid:83916007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.1.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052906/; classtype:trojan-activity;sid:83916006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052905/; classtype:trojan-activity;sid:83916005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.50.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052904/; classtype:trojan-activity;sid:83916004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.85.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052903/; classtype:trojan-activity;sid:83916003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.204.212.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052901/; classtype:trojan-activity;sid:83916001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.0.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052902/; classtype:trojan-activity;sid:83916002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052900/; classtype:trojan-activity;sid:83916000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.254.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052899/; classtype:trojan-activity;sid:83915999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.72.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052898/; classtype:trojan-activity;sid:83915998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052897/; classtype:trojan-activity;sid:83915997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052896/; classtype:trojan-activity;sid:83915996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.227.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052895/; classtype:trojan-activity;sid:83915995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052894/; classtype:trojan-activity;sid:83915994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052893/; classtype:trojan-activity;sid:83915993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.214.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052892/; classtype:trojan-activity;sid:83915992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.157.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052891/; classtype:trojan-activity;sid:83915991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052890/; classtype:trojan-activity;sid:83915990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.42.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052889/; classtype:trojan-activity;sid:83915989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052888/; classtype:trojan-activity;sid:83915988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.27.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052887/; classtype:trojan-activity;sid:83915987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.251.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052886/; classtype:trojan-activity;sid:83915986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.82.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052885/; classtype:trojan-activity;sid:83915985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.121.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052884/; classtype:trojan-activity;sid:83915984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.183.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052883/; classtype:trojan-activity;sid:83915983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.30.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052882/; classtype:trojan-activity;sid:83915982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.242.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052881/; classtype:trojan-activity;sid:83915981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.15.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052880/; classtype:trojan-activity;sid:83915980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.254.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052879/; classtype:trojan-activity;sid:83915979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052878)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669a659129ee2_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052878/; classtype:trojan-activity;sid:83915978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.21.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052876/; classtype:trojan-activity;sid:83915976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.142.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052877/; classtype:trojan-activity;sid:83915977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.72.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052875/; classtype:trojan-activity;sid:83915975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.230.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052874/; classtype:trojan-activity;sid:83915974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052873/; classtype:trojan-activity;sid:83915973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052872/; classtype:trojan-activity;sid:83915972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052871/; classtype:trojan-activity;sid:83915971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.125.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052870/; classtype:trojan-activity;sid:83915970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052869/; classtype:trojan-activity;sid:83915969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052868/; classtype:trojan-activity;sid:83915968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.247.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052867/; classtype:trojan-activity;sid:83915967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.45.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052866/; classtype:trojan-activity;sid:83915966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.14.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052865/; classtype:trojan-activity;sid:83915965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.157.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052864/; classtype:trojan-activity;sid:83915964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.43.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052863/; classtype:trojan-activity;sid:83915963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052862/; classtype:trojan-activity;sid:83915962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.212.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052861/; classtype:trojan-activity;sid:83915961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.81.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052860/; classtype:trojan-activity;sid:83915960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.172.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052859/; classtype:trojan-activity;sid:83915959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052858/; classtype:trojan-activity;sid:83915958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.116.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052857/; classtype:trojan-activity;sid:83915957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.242.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052856/; classtype:trojan-activity;sid:83915956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.6.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052855/; classtype:trojan-activity;sid:83915955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.21.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052854/; classtype:trojan-activity;sid:83915954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.17.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052852/; classtype:trojan-activity;sid:83915952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052853/; classtype:trojan-activity;sid:83915953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.8.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052851/; classtype:trojan-activity;sid:83915951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052850/; classtype:trojan-activity;sid:83915950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.185.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052849/; classtype:trojan-activity;sid:83915949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052848/; classtype:trojan-activity;sid:83915948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.170.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052847/; classtype:trojan-activity;sid:83915947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052846/; classtype:trojan-activity;sid:83915946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.24.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052845/; classtype:trojan-activity;sid:83915945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.201.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052844/; classtype:trojan-activity;sid:83915944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.95.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052843/; classtype:trojan-activity;sid:83915943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.45.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052842/; classtype:trojan-activity;sid:83915942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.199.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052841/; classtype:trojan-activity;sid:83915941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052839/; classtype:trojan-activity;sid:83915939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052840/; classtype:trojan-activity;sid:83915940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.92.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052838/; classtype:trojan-activity;sid:83915938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.68.179"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052837/; classtype:trojan-activity;sid:83915937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.119.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052836/; classtype:trojan-activity;sid:83915936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.82.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052835/; classtype:trojan-activity;sid:83915935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052834/; classtype:trojan-activity;sid:83915934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.28.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052833/; classtype:trojan-activity;sid:83915933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052832/; classtype:trojan-activity;sid:83915932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052831/; classtype:trojan-activity;sid:83915931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.6.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052830/; classtype:trojan-activity;sid:83915930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.95.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052829/; classtype:trojan-activity;sid:83915929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.99.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052828/; classtype:trojan-activity;sid:83915928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.33.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052827/; classtype:trojan-activity;sid:83915927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.17.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052826/; classtype:trojan-activity;sid:83915926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.122.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052825/; classtype:trojan-activity;sid:83915925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052824/; classtype:trojan-activity;sid:83915924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052823/; classtype:trojan-activity;sid:83915923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.249.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052822/; classtype:trojan-activity;sid:83915922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.95.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052821/; classtype:trojan-activity;sid:83915921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052819/; classtype:trojan-activity;sid:83915919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.214.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052820/; classtype:trojan-activity;sid:83915920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.55.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052818/; classtype:trojan-activity;sid:83915918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.165.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052817/; classtype:trojan-activity;sid:83915917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052816/; classtype:trojan-activity;sid:83915916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.218.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052815/; classtype:trojan-activity;sid:83915915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052814)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.15.239.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052814/; classtype:trojan-activity;sid:83915914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.14.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052813/; classtype:trojan-activity;sid:83915913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052812/; classtype:trojan-activity;sid:83915912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.200.168.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052811/; classtype:trojan-activity;sid:83915911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052809/; classtype:trojan-activity;sid:83915909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052810/; classtype:trojan-activity;sid:83915910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.92.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052808/; classtype:trojan-activity;sid:83915908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.199.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052807/; classtype:trojan-activity;sid:83915907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.37.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052806/; classtype:trojan-activity;sid:83915906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.72.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052805/; classtype:trojan-activity;sid:83915905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052804/; classtype:trojan-activity;sid:83915904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.10.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052803/; classtype:trojan-activity;sid:83915903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.39.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052802/; classtype:trojan-activity;sid:83915902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052801/; classtype:trojan-activity;sid:83915901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.42.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052800/; classtype:trojan-activity;sid:83915900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.52.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052799/; classtype:trojan-activity;sid:83915899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052797/; classtype:trojan-activity;sid:83915897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.133.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052798/; classtype:trojan-activity;sid:83915898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.201.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052796/; classtype:trojan-activity;sid:83915896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.183.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052795/; classtype:trojan-activity;sid:83915895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.2.64"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052794/; classtype:trojan-activity;sid:83915894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052793/; classtype:trojan-activity;sid:83915893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052792/; classtype:trojan-activity;sid:83915892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.91.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052791/; classtype:trojan-activity;sid:83915891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052790/; classtype:trojan-activity;sid:83915890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.173.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052789/; classtype:trojan-activity;sid:83915889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.67.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052788/; classtype:trojan-activity;sid:83915888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052787/; classtype:trojan-activity;sid:83915887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.122.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052786/; classtype:trojan-activity;sid:83915886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.149.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052785/; classtype:trojan-activity;sid:83915885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052784/; classtype:trojan-activity;sid:83915884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.66.68.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052783/; classtype:trojan-activity;sid:83915883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.245.158.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052782/; classtype:trojan-activity;sid:83915882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.145.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052781/; classtype:trojan-activity;sid:83915881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.160.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052780/; classtype:trojan-activity;sid:83915880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.136.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052779/; classtype:trojan-activity;sid:83915879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.204.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052778/; classtype:trojan-activity;sid:83915878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.170.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052775/; classtype:trojan-activity;sid:83915875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.36.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052776/; classtype:trojan-activity;sid:83915876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.35.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052777/; classtype:trojan-activity;sid:83915877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052774/; classtype:trojan-activity;sid:83915874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.4.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052773/; classtype:trojan-activity;sid:83915873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052772/; classtype:trojan-activity;sid:83915872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.164.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052770/; classtype:trojan-activity;sid:83915870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052771/; classtype:trojan-activity;sid:83915871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.168.86.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052768/; classtype:trojan-activity;sid:83915868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.38.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052769/; classtype:trojan-activity;sid:83915869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.109.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052766/; classtype:trojan-activity;sid:83915866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.194.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052767/; classtype:trojan-activity;sid:83915867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.11.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052764/; classtype:trojan-activity;sid:83915864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.109.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052765/; classtype:trojan-activity;sid:83915865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.74.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052763/; classtype:trojan-activity;sid:83915863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.165.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052762/; classtype:trojan-activity;sid:83915862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.255.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052760/; classtype:trojan-activity;sid:83915860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.34.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052761/; classtype:trojan-activity;sid:83915861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.191.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052759/; classtype:trojan-activity;sid:83915859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.78.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052758/; classtype:trojan-activity;sid:83915858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.21.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052757/; classtype:trojan-activity;sid:83915857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052754/; classtype:trojan-activity;sid:83915854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.58.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052755/; classtype:trojan-activity;sid:83915855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.62.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052756/; classtype:trojan-activity;sid:83915856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.202.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052751/; classtype:trojan-activity;sid:83915851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052752/; classtype:trojan-activity;sid:83915852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.235.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052753/; classtype:trojan-activity;sid:83915853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052750/; classtype:trojan-activity;sid:83915850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052749)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=8e46c1968a0bd204%21125|7c|26|7c|authkey=!agfr46opw6byh2g"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052749/; classtype:trojan-activity;sid:83915849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052747)"; flow:established,from_client; content:"GET"; http_method; content:"/88188/winiti.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.3.13.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052747/; classtype:trojan-activity;sid:83915847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.61.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052748/; classtype:trojan-activity;sid:83915848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.14.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052746/; classtype:trojan-activity;sid:83915846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052745/; classtype:trojan-activity;sid:83915845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.39.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052744/; classtype:trojan-activity;sid:83915844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052743/; classtype:trojan-activity;sid:83915843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.178.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052742/; classtype:trojan-activity;sid:83915842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.14.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052741/; classtype:trojan-activity;sid:83915841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.219.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052740/; classtype:trojan-activity;sid:83915840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.52.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052739/; classtype:trojan-activity;sid:83915839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.160.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052738/; classtype:trojan-activity;sid:83915838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052737/; classtype:trojan-activity;sid:83915837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052736/; classtype:trojan-activity;sid:83915836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052735/; classtype:trojan-activity;sid:83915835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052731)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/weq/ienetcache.hta"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"107.172.4.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052731/; classtype:trojan-activity;sid:83915831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052732)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/grd/ienetcache.hta"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"192.3.13.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052732/; classtype:trojan-activity;sid:83915832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.122.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052733/; classtype:trojan-activity;sid:83915833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052734)"; flow:established,from_client; content:"GET"; http_method; content:"/515/winiti.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.4.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052734/; classtype:trojan-activity;sid:83915834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052730)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/srmaster-3e0e8.appspot.com/o/revenger.jpg|3f|alt=media|7c|26|7c|token=f4f35bff-72c6-4f56-ae67-ea2379366dd5"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052730/; classtype:trojan-activity;sid:83915830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.125.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052729/; classtype:trojan-activity;sid:83915829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.196.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052728/; classtype:trojan-activity;sid:83915828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.149.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052724/; classtype:trojan-activity;sid:83915824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.208.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052725/; classtype:trojan-activity;sid:83915825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052726/; classtype:trojan-activity;sid:83915826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.211.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052727/; classtype:trojan-activity;sid:83915827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.225.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052723/; classtype:trojan-activity;sid:83915823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.22.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052722/; classtype:trojan-activity;sid:83915822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.27.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052721/; classtype:trojan-activity;sid:83915821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052719)"; flow:established,from_client; content:"GET"; http_method; content:"/90590/me/me.me.me.me.mememe.doc"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"38.240.40.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052719/; classtype:trojan-activity;sid:83915819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.173.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052720/; classtype:trojan-activity;sid:83915820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.36.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052718/; classtype:trojan-activity;sid:83915818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.62.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052717/; classtype:trojan-activity;sid:83915817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.88.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052716/; classtype:trojan-activity;sid:83915816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.237.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052713/; classtype:trojan-activity;sid:83915813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.94.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052714/; classtype:trojan-activity;sid:83915814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.91.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052715/; classtype:trojan-activity;sid:83915815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052712/; classtype:trojan-activity;sid:83915812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052710/; classtype:trojan-activity;sid:83915810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052711/; classtype:trojan-activity;sid:83915811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.204.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052709/; classtype:trojan-activity;sid:83915809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.28.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052708/; classtype:trojan-activity;sid:83915808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.209.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052703/; classtype:trojan-activity;sid:83915803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052704)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052704/; classtype:trojan-activity;sid:83915804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.198.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052705/; classtype:trojan-activity;sid:83915805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.91.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052702/; classtype:trojan-activity;sid:83915802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.217.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052701/; classtype:trojan-activity;sid:83915801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052700/; classtype:trojan-activity;sid:83915800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.35.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052699/; classtype:trojan-activity;sid:83915799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.14.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052698/; classtype:trojan-activity;sid:83915798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052697)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"211.226.15.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052697/; classtype:trojan-activity;sid:83915797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.181.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052696/; classtype:trojan-activity;sid:83915796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.14.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052693/; classtype:trojan-activity;sid:83915793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.207.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052694/; classtype:trojan-activity;sid:83915794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052695/; classtype:trojan-activity;sid:83915795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.85.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052692/; classtype:trojan-activity;sid:83915792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.189.103.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052691/; classtype:trojan-activity;sid:83915791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.154.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052689/; classtype:trojan-activity;sid:83915789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.191.137.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052690/; classtype:trojan-activity;sid:83915790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.88.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052688/; classtype:trojan-activity;sid:83915788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052687/; classtype:trojan-activity;sid:83915787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.101.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052686/; classtype:trojan-activity;sid:83915786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052684/; classtype:trojan-activity;sid:83915784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.176.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052685/; classtype:trojan-activity;sid:83915785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052683/; classtype:trojan-activity;sid:83915783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052682/; classtype:trojan-activity;sid:83915782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.24.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052681/; classtype:trojan-activity;sid:83915781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.24.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052680/; classtype:trojan-activity;sid:83915780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.183.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052679/; classtype:trojan-activity;sid:83915779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.254.205.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052678/; classtype:trojan-activity;sid:83915778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.174.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052677/; classtype:trojan-activity;sid:83915777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052676/; classtype:trojan-activity;sid:83915776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.185.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052674/; classtype:trojan-activity;sid:83915774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052675/; classtype:trojan-activity;sid:83915775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.96.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052672/; classtype:trojan-activity;sid:83915772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052673/; classtype:trojan-activity;sid:83915773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.127.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052671/; classtype:trojan-activity;sid:83915771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.109.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052670/; classtype:trojan-activity;sid:83915770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.27.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052669/; classtype:trojan-activity;sid:83915769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052660)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.kdnewsindia.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052660/; classtype:trojan-activity;sid:83915760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052661)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.commingleenterprises.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052661/; classtype:trojan-activity;sid:83915761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052662)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.ekhushab.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052662/; classtype:trojan-activity;sid:83915762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052663)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.bestt-shirts.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052663/; classtype:trojan-activity;sid:83915763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052664)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.eastsuninteriors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052664/; classtype:trojan-activity;sid:83915764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052665)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eastsuninteriors.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052665/; classtype:trojan-activity;sid:83915765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052666)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.monarambientes.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052666/; classtype:trojan-activity;sid:83915766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052667)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.meerahustle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052667/; classtype:trojan-activity;sid:83915767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052668)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.domainsenses.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052668/; classtype:trojan-activity;sid:83915768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.94.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052659/; classtype:trojan-activity;sid:83915759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.111.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052658/; classtype:trojan-activity;sid:83915758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.62.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052657/; classtype:trojan-activity;sid:83915757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.173.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052655/; classtype:trojan-activity;sid:83915755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052656/; classtype:trojan-activity;sid:83915756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.121.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052654/; classtype:trojan-activity;sid:83915754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052653/; classtype:trojan-activity;sid:83915753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.216.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052652/; classtype:trojan-activity;sid:83915752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.172.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052651/; classtype:trojan-activity;sid:83915751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052650/; classtype:trojan-activity;sid:83915750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.101.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052649/; classtype:trojan-activity;sid:83915749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052648/; classtype:trojan-activity;sid:83915748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.207.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052647/; classtype:trojan-activity;sid:83915747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.248.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052646/; classtype:trojan-activity;sid:83915746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.104.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052645/; classtype:trojan-activity;sid:83915745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.46.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052644/; classtype:trojan-activity;sid:83915744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052643/; classtype:trojan-activity;sid:83915743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052642/; classtype:trojan-activity;sid:83915742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.73.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052641/; classtype:trojan-activity;sid:83915741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.170.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052640/; classtype:trojan-activity;sid:83915740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052639/; classtype:trojan-activity;sid:83915739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052638/; classtype:trojan-activity;sid:83915738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052637/; classtype:trojan-activity;sid:83915737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.38.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052636/; classtype:trojan-activity;sid:83915736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.182.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052635/; classtype:trojan-activity;sid:83915735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052634/; classtype:trojan-activity;sid:83915734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.244.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052633/; classtype:trojan-activity;sid:83915733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.149.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052632/; classtype:trojan-activity;sid:83915732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.89.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052631/; classtype:trojan-activity;sid:83915731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.34.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052630/; classtype:trojan-activity;sid:83915730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.96.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052629/; classtype:trojan-activity;sid:83915729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052628/; classtype:trojan-activity;sid:83915728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052627/; classtype:trojan-activity;sid:83915727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052626/; classtype:trojan-activity;sid:83915726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.0.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052625/; classtype:trojan-activity;sid:83915725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.121.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052624/; classtype:trojan-activity;sid:83915724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.72.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052623/; classtype:trojan-activity;sid:83915723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.67.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052621/; classtype:trojan-activity;sid:83915721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.216.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052622/; classtype:trojan-activity;sid:83915722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.25.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052619/; classtype:trojan-activity;sid:83915719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.34.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052620/; classtype:trojan-activity;sid:83915720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.15.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052618/; classtype:trojan-activity;sid:83915718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.104.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052617/; classtype:trojan-activity;sid:83915717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.237.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052616/; classtype:trojan-activity;sid:83915716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.50.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052615/; classtype:trojan-activity;sid:83915715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.181.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052613/; classtype:trojan-activity;sid:83915713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052614/; classtype:trojan-activity;sid:83915714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.43.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052612/; classtype:trojan-activity;sid:83915712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.119.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052611/; classtype:trojan-activity;sid:83915711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.142.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052610/; classtype:trojan-activity;sid:83915710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052609/; classtype:trojan-activity;sid:83915709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.220.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052608/; classtype:trojan-activity;sid:83915708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.55.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052607/; classtype:trojan-activity;sid:83915707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052606/; classtype:trojan-activity;sid:83915706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.60.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052605/; classtype:trojan-activity;sid:83915705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.175.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052604/; classtype:trojan-activity;sid:83915704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.170.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052601/; classtype:trojan-activity;sid:83915701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052602/; classtype:trojan-activity;sid:83915702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.218.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052603/; classtype:trojan-activity;sid:83915703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.92.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052600/; classtype:trojan-activity;sid:83915700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.54.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052599/; classtype:trojan-activity;sid:83915699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052598/; classtype:trojan-activity;sid:83915698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.149.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052597/; classtype:trojan-activity;sid:83915697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.187.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052596/; classtype:trojan-activity;sid:83915696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.3.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052595/; classtype:trojan-activity;sid:83915695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052594/; classtype:trojan-activity;sid:83915694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.120.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052593/; classtype:trojan-activity;sid:83915693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.137.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052592/; classtype:trojan-activity;sid:83915692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.244.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052591/; classtype:trojan-activity;sid:83915691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.149.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052590/; classtype:trojan-activity;sid:83915690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.73.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052589/; classtype:trojan-activity;sid:83915689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052588)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c-regioale.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052588/; classtype:trojan-activity;sid:83915688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.89.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052587/; classtype:trojan-activity;sid:83915687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052581)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"i-fnfolp.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052581/; classtype:trojan-activity;sid:83915681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052582)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"i-fnfolp.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052582/; classtype:trojan-activity;sid:83915682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052583)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"i-fnfolp.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052583/; classtype:trojan-activity;sid:83915683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052584)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"i-fnfolp.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052584/; classtype:trojan-activity;sid:83915684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052585)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"i-fnfolp.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052585/; classtype:trojan-activity;sid:83915685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052586)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"i-fnfolp.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052586/; classtype:trojan-activity;sid:83915686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052580)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"i-fnfolp.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052580/; classtype:trojan-activity;sid:83915680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.20.149"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052579/; classtype:trojan-activity;sid:83915679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.6.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052578/; classtype:trojan-activity;sid:83915678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052577/; classtype:trojan-activity;sid:83915677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052576/; classtype:trojan-activity;sid:83915676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.249.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052575/; classtype:trojan-activity;sid:83915675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052574/; classtype:trojan-activity;sid:83915674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.170.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052573/; classtype:trojan-activity;sid:83915673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.211.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052572/; classtype:trojan-activity;sid:83915672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.103.175.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052571/; classtype:trojan-activity;sid:83915671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.67.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052570/; classtype:trojan-activity;sid:83915670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.25.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052569/; classtype:trojan-activity;sid:83915669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.34.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052568/; classtype:trojan-activity;sid:83915668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052567)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c-regioale.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052567/; classtype:trojan-activity;sid:83915667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052556)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.c-regioale.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052556/; classtype:trojan-activity;sid:83915656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052557)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.c-regioale.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052557/; classtype:trojan-activity;sid:83915657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052558)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.i-fnfolp.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052558/; classtype:trojan-activity;sid:83915658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052559)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.c-regioale.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052559/; classtype:trojan-activity;sid:83915659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052560)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.c-regioale.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052560/; classtype:trojan-activity;sid:83915660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052561)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.i-fnfolp.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052561/; classtype:trojan-activity;sid:83915661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052562)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.i-fnfolp.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052562/; classtype:trojan-activity;sid:83915662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052563)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.c-regioale.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052563/; classtype:trojan-activity;sid:83915663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052564)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.i-fnfolp.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052564/; classtype:trojan-activity;sid:83915664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052565)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.c-regioale.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052565/; classtype:trojan-activity;sid:83915665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052566)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.i-fnfolp.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052566/; classtype:trojan-activity;sid:83915666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052555)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.i-fnfolp.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052555/; classtype:trojan-activity;sid:83915655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052553)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.c-regioale.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052553/; classtype:trojan-activity;sid:83915653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052548)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c-regioale.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052548/; classtype:trojan-activity;sid:83915648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052549)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c-regioale.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052549/; classtype:trojan-activity;sid:83915649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052550)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c-regioale.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052550/; classtype:trojan-activity;sid:83915650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052551)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c-regioale.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052551/; classtype:trojan-activity;sid:83915651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052552)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.i-fnfolp.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052552/; classtype:trojan-activity;sid:83915652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052547)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c-regioale.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052547/; classtype:trojan-activity;sid:83915647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.241.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052545/; classtype:trojan-activity;sid:83915645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.40.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052546/; classtype:trojan-activity;sid:83915646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.60.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052543/; classtype:trojan-activity;sid:83915643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.237.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052544/; classtype:trojan-activity;sid:83915644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.36.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052542/; classtype:trojan-activity;sid:83915642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.149.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052541/; classtype:trojan-activity;sid:83915641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.131.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052540/; classtype:trojan-activity;sid:83915640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.221.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052539/; classtype:trojan-activity;sid:83915639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052537)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.221.65.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052537/; classtype:trojan-activity;sid:83915637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052538)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.221.65.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052538/; classtype:trojan-activity;sid:83915638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052535)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.221.65.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052535/; classtype:trojan-activity;sid:83915635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.106.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052536/; classtype:trojan-activity;sid:83915636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052530)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.221.65.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052530/; classtype:trojan-activity;sid:83915630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.86.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052531/; classtype:trojan-activity;sid:83915631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.92.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052532/; classtype:trojan-activity;sid:83915632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052533/; classtype:trojan-activity;sid:83915633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.55.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052534/; classtype:trojan-activity;sid:83915634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.200.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052529/; classtype:trojan-activity;sid:83915629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.240.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052528/; classtype:trojan-activity;sid:83915628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.37.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052527/; classtype:trojan-activity;sid:83915627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.18.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052526/; classtype:trojan-activity;sid:83915626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.145.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052525/; classtype:trojan-activity;sid:83915625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052524)"; flow:established,from_client; content:"GET"; http_method; content:"/90590/mem.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.240.40.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052524/; classtype:trojan-activity;sid:83915624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.166.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052522/; classtype:trojan-activity;sid:83915622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.236.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052523/; classtype:trojan-activity;sid:83915623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052521/; classtype:trojan-activity;sid:83915621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.20.163"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052520/; classtype:trojan-activity;sid:83915620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.46.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052519/; classtype:trojan-activity;sid:83915619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.82.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052518/; classtype:trojan-activity;sid:83915618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052517)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bittorrent.am"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052517/; classtype:trojan-activity;sid:83915617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052506)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bittorrent.am"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052506/; classtype:trojan-activity;sid:83915606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052507)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.bittorrent.am"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052507/; classtype:trojan-activity;sid:83915607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052508)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.bittorrent.am"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052508/; classtype:trojan-activity;sid:83915608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052509)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bittorrent.am"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052509/; classtype:trojan-activity;sid:83915609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052510)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bittorrent.am"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052510/; classtype:trojan-activity;sid:83915610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052511)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bittorrent.am"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052511/; classtype:trojan-activity;sid:83915611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052512)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.bittorrent.am"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052512/; classtype:trojan-activity;sid:83915612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052513)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.bittorrent.am"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052513/; classtype:trojan-activity;sid:83915613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052514)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.bittorrent.am"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052514/; classtype:trojan-activity;sid:83915614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052515)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.bittorrent.am"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052515/; classtype:trojan-activity;sid:83915615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052516)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bittorrent.am"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052516/; classtype:trojan-activity;sid:83915616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052504)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bittorrent.am"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052504/; classtype:trojan-activity;sid:83915604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052505)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.bittorrent.am"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052505/; classtype:trojan-activity;sid:83915605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.219.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052503/; classtype:trojan-activity;sid:83915603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.213.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052502/; classtype:trojan-activity;sid:83915602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052501)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052501/; classtype:trojan-activity;sid:83915601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.211.67.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052493/; classtype:trojan-activity;sid:83915593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052494/; classtype:trojan-activity;sid:83915594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052495)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052495/; classtype:trojan-activity;sid:83915595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052496)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052496/; classtype:trojan-activity;sid:83915596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052497)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052497/; classtype:trojan-activity;sid:83915597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052498)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052498/; classtype:trojan-activity;sid:83915598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052499)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052499/; classtype:trojan-activity;sid:83915599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052500)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052500/; classtype:trojan-activity;sid:83915600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.10.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052492/; classtype:trojan-activity;sid:83915592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.231.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052491/; classtype:trojan-activity;sid:83915591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.249.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052490/; classtype:trojan-activity;sid:83915590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052478)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4t"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052478/; classtype:trojan-activity;sid:83915578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052479)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kdnewsindia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052479/; classtype:trojan-activity;sid:83915579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052480)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"monarambientes.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052480/; classtype:trojan-activity;sid:83915580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052481)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"meerahustle.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052481/; classtype:trojan-activity;sid:83915581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052482)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052482/; classtype:trojan-activity;sid:83915582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052483)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bestt-shirts.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052483/; classtype:trojan-activity;sid:83915583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052484)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"commingleenterprises.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052484/; classtype:trojan-activity;sid:83915584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052485)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ekhushab.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052485/; classtype:trojan-activity;sid:83915585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052486)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052486/; classtype:trojan-activity;sid:83915586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052487)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"domainsenses.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052487/; classtype:trojan-activity;sid:83915587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.191.137.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052488/; classtype:trojan-activity;sid:83915588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.191.137.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052489/; classtype:trojan-activity;sid:83915589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.227.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052472/; classtype:trojan-activity;sid:83915572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.99.0.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052473/; classtype:trojan-activity;sid:83915573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052474)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052474/; classtype:trojan-activity;sid:83915574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052475)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052475/; classtype:trojan-activity;sid:83915575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052476)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052476/; classtype:trojan-activity;sid:83915576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052477)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052477/; classtype:trojan-activity;sid:83915577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.189.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052469/; classtype:trojan-activity;sid:83915569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.161.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052470/; classtype:trojan-activity;sid:83915570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.120.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052471/; classtype:trojan-activity;sid:83915571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.211.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052468/; classtype:trojan-activity;sid:83915568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052466)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/vbs.jpeg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"198.46.176.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052466/; classtype:trojan-activity;sid:83915566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052467)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/js.jpeg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"198.46.176.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052467/; classtype:trojan-activity;sid:83915567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052465)"; flow:established,from_client; content:"GET"; http_method; content:"/90590/crosscheckonionsweetpottatogirl.gif"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"38.240.40.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052465/; classtype:trojan-activity;sid:83915565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052464/; classtype:trojan-activity;sid:83915564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052463/; classtype:trojan-activity;sid:83915563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.11.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052462/; classtype:trojan-activity;sid:83915562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052460/; classtype:trojan-activity;sid:83915560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.86.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052461/; classtype:trojan-activity;sid:83915561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.200.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052459/; classtype:trojan-activity;sid:83915559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.74.232.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052457/; classtype:trojan-activity;sid:83915557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.103.175.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052458/; classtype:trojan-activity;sid:83915558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052456/; classtype:trojan-activity;sid:83915556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.185.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052455/; classtype:trojan-activity;sid:83915555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.145.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052454/; classtype:trojan-activity;sid:83915554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.248.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052453/; classtype:trojan-activity;sid:83915553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.236.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052452/; classtype:trojan-activity;sid:83915552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.43.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052449/; classtype:trojan-activity;sid:83915549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.4.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052450/; classtype:trojan-activity;sid:83915550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.36.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052451/; classtype:trojan-activity;sid:83915551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.40.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052447/; classtype:trojan-activity;sid:83915547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052448/; classtype:trojan-activity;sid:83915548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.18.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052446/; classtype:trojan-activity;sid:83915546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.46.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052445/; classtype:trojan-activity;sid:83915545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.116.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052444/; classtype:trojan-activity;sid:83915544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052443)"; flow:established,from_client; content:"GET"; http_method; content:"/95095/zhhr.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.161.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052443/; classtype:trojan-activity;sid:83915543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052441/; classtype:trojan-activity;sid:83915541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052442/; classtype:trojan-activity;sid:83915542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.166.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052440/; classtype:trojan-activity;sid:83915540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.93.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052439/; classtype:trojan-activity;sid:83915539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.185.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052438/; classtype:trojan-activity;sid:83915538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.102.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052437/; classtype:trojan-activity;sid:83915537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.181.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052436/; classtype:trojan-activity;sid:83915536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.112.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052434/; classtype:trojan-activity;sid:83915534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.28.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052435/; classtype:trojan-activity;sid:83915535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.239.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052433/; classtype:trojan-activity;sid:83915533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052432/; classtype:trojan-activity;sid:83915532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.211.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052431/; classtype:trojan-activity;sid:83915531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052430)"; flow:established,from_client; content:"GET"; http_method; content:"/95095/butterburnverysweetgirleated.gif"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"103.161.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052430/; classtype:trojan-activity;sid:83915530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052429/; classtype:trojan-activity;sid:83915529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.151.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052428/; classtype:trojan-activity;sid:83915528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.134.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052427/; classtype:trojan-activity;sid:83915527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052425)"; flow:established,from_client; content:"GET"; http_method; content:"/516/winiti.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.4.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052425/; classtype:trojan-activity;sid:83915525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052426)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/weq/we/we.we.we.we.wewewewe.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"107.172.4.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052426/; classtype:trojan-activity;sid:83915526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052424/; classtype:trojan-activity;sid:83915524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.74.232.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052422/; classtype:trojan-activity;sid:83915522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052423/; classtype:trojan-activity;sid:83915523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052421)"; flow:established,from_client; content:"GET"; http_method; content:"/656/winiti.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.4.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052421/; classtype:trojan-activity;sid:83915521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.161.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052420/; classtype:trojan-activity;sid:83915520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052418/; classtype:trojan-activity;sid:83915518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052419/; classtype:trojan-activity;sid:83915519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.11.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052417/; classtype:trojan-activity;sid:83915517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.104.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052416/; classtype:trojan-activity;sid:83915516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052410/; classtype:trojan-activity;sid:83915510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052411/; classtype:trojan-activity;sid:83915511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.64.226.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052408/; classtype:trojan-activity;sid:83915508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.38.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052409/; classtype:trojan-activity;sid:83915509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052407/; classtype:trojan-activity;sid:83915507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052406/; classtype:trojan-activity;sid:83915506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052405/; classtype:trojan-activity;sid:83915505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052404/; classtype:trojan-activity;sid:83915504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.173.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052403/; classtype:trojan-activity;sid:83915503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.116.45.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052401/; classtype:trojan-activity;sid:83915501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.58.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052402/; classtype:trojan-activity;sid:83915502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052396/; classtype:trojan-activity;sid:83915496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052397/; classtype:trojan-activity;sid:83915497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.239.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052398/; classtype:trojan-activity;sid:83915498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.37.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052399/; classtype:trojan-activity;sid:83915499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052391/; classtype:trojan-activity;sid:83915491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.27.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052390/; classtype:trojan-activity;sid:83915490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052388/; classtype:trojan-activity;sid:83915488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.10.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052389/; classtype:trojan-activity;sid:83915489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.134.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052387/; classtype:trojan-activity;sid:83915487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.104.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052386/; classtype:trojan-activity;sid:83915486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.46.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052385/; classtype:trojan-activity;sid:83915485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.122.255.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052384/; classtype:trojan-activity;sid:83915484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.23.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052382/; classtype:trojan-activity;sid:83915482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052383/; classtype:trojan-activity;sid:83915483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.185.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052381/; classtype:trojan-activity;sid:83915481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.202.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052380/; classtype:trojan-activity;sid:83915480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.170.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052379/; classtype:trojan-activity;sid:83915479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.52.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052378/; classtype:trojan-activity;sid:83915478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052377/; classtype:trojan-activity;sid:83915477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052376/; classtype:trojan-activity;sid:83915476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.252.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052375/; classtype:trojan-activity;sid:83915475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.136.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052374/; classtype:trojan-activity;sid:83915474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.91.207.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052372/; classtype:trojan-activity;sid:83915472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.202.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052373/; classtype:trojan-activity;sid:83915473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052371/; classtype:trojan-activity;sid:83915471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.233.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052370/; classtype:trojan-activity;sid:83915470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.231.98.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052369/; classtype:trojan-activity;sid:83915469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052368/; classtype:trojan-activity;sid:83915468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.85.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052367/; classtype:trojan-activity;sid:83915467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.104.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052366/; classtype:trojan-activity;sid:83915466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.73.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052365/; classtype:trojan-activity;sid:83915465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.80.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052363/; classtype:trojan-activity;sid:83915463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052364/; classtype:trojan-activity;sid:83915464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.55.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052362/; classtype:trojan-activity;sid:83915462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052361/; classtype:trojan-activity;sid:83915461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.87.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052360/; classtype:trojan-activity;sid:83915460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.110.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052359/; classtype:trojan-activity;sid:83915459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052357/; classtype:trojan-activity;sid:83915457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.103.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052358/; classtype:trojan-activity;sid:83915458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052356/; classtype:trojan-activity;sid:83915456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.122.255.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052355/; classtype:trojan-activity;sid:83915455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.202.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052354/; classtype:trojan-activity;sid:83915454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.154.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052352/; classtype:trojan-activity;sid:83915452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.23.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052353/; classtype:trojan-activity;sid:83915453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.91.207.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052351/; classtype:trojan-activity;sid:83915451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.22.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052350/; classtype:trojan-activity;sid:83915450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052349/; classtype:trojan-activity;sid:83915449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052348/; classtype:trojan-activity;sid:83915448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.91.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052347/; classtype:trojan-activity;sid:83915447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.48.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052346/; classtype:trojan-activity;sid:83915446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.229.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052345/; classtype:trojan-activity;sid:83915445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.73.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052344/; classtype:trojan-activity;sid:83915444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.80.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052343/; classtype:trojan-activity;sid:83915443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052342/; classtype:trojan-activity;sid:83915442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052341/; classtype:trojan-activity;sid:83915441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.87.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052340/; classtype:trojan-activity;sid:83915440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.147.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052339/; classtype:trojan-activity;sid:83915439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.60.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052338/; classtype:trojan-activity;sid:83915438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052336/; classtype:trojan-activity;sid:83915436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052337/; classtype:trojan-activity;sid:83915437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.229.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052335/; classtype:trojan-activity;sid:83915435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.85.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052334/; classtype:trojan-activity;sid:83915434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.178.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052333/; classtype:trojan-activity;sid:83915433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.32.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052332/; classtype:trojan-activity;sid:83915432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052331/; classtype:trojan-activity;sid:83915431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052330/; classtype:trojan-activity;sid:83915430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.194.55.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052329/; classtype:trojan-activity;sid:83915429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052328/; classtype:trojan-activity;sid:83915428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.114.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052326/; classtype:trojan-activity;sid:83915426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.250.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052327/; classtype:trojan-activity;sid:83915427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.135.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052324/; classtype:trojan-activity;sid:83915424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.155.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052325/; classtype:trojan-activity;sid:83915425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.18.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052323/; classtype:trojan-activity;sid:83915423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.229.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052322/; classtype:trojan-activity;sid:83915422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.107.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052320/; classtype:trojan-activity;sid:83915420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.154.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052321/; classtype:trojan-activity;sid:83915421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.34.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052319/; classtype:trojan-activity;sid:83915419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.229.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052318/; classtype:trojan-activity;sid:83915418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052317)"; flow:established,from_client; content:"GET"; http_method; content:"/imagesfilefoldergallery/filedomaincollection/150_fogruzkunwk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"pawsopm.webd.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052317/; classtype:trojan-activity;sid:83915417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.234.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052316/; classtype:trojan-activity;sid:83915416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coe.com.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052315/; classtype:trojan-activity;sid:83915415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.115.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052313/; classtype:trojan-activity;sid:83915413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052314/; classtype:trojan-activity;sid:83915414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052311/; classtype:trojan-activity;sid:83915411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052312/; classtype:trojan-activity;sid:83915412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.173.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052310/; classtype:trojan-activity;sid:83915410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052309/; classtype:trojan-activity;sid:83915409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.197.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052308/; classtype:trojan-activity;sid:83915408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.190.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052306/; classtype:trojan-activity;sid:83915406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.48.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052307/; classtype:trojan-activity;sid:83915407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.151.157.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052305/; classtype:trojan-activity;sid:83915405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.67.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052304/; classtype:trojan-activity;sid:83915404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052303)"; flow:established,from_client; content:"GET"; http_method; content:"/aaxmiwemjgf3.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.162.149.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052303/; classtype:trojan-activity;sid:83915403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.116.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052302/; classtype:trojan-activity;sid:83915402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.155.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052301/; classtype:trojan-activity;sid:83915401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.5.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052300/; classtype:trojan-activity;sid:83915400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.107.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052299/; classtype:trojan-activity;sid:83915399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052298/; classtype:trojan-activity;sid:83915398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.42.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052296/; classtype:trojan-activity;sid:83915396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.166.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052297/; classtype:trojan-activity;sid:83915397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.6.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052295/; classtype:trojan-activity;sid:83915395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052294/; classtype:trojan-activity;sid:83915394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.173.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052293/; classtype:trojan-activity;sid:83915393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.152.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052292/; classtype:trojan-activity;sid:83915392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.82.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052291/; classtype:trojan-activity;sid:83915391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.179.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052290/; classtype:trojan-activity;sid:83915390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.58.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052289/; classtype:trojan-activity;sid:83915389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.67.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052288/; classtype:trojan-activity;sid:83915388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.190.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052287/; classtype:trojan-activity;sid:83915387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.55.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052286/; classtype:trojan-activity;sid:83915386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.95.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052285/; classtype:trojan-activity;sid:83915385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.119.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052284/; classtype:trojan-activity;sid:83915384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.215.249.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052283/; classtype:trojan-activity;sid:83915383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.218.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052282/; classtype:trojan-activity;sid:83915382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052281/; classtype:trojan-activity;sid:83915381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.88.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052280/; classtype:trojan-activity;sid:83915380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.206.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052279/; classtype:trojan-activity;sid:83915379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.203.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052278/; classtype:trojan-activity;sid:83915378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.151.157.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052277/; classtype:trojan-activity;sid:83915377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.238.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052276/; classtype:trojan-activity;sid:83915376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.116.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052275/; classtype:trojan-activity;sid:83915375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.218.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052274/; classtype:trojan-activity;sid:83915374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.82.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052273/; classtype:trojan-activity;sid:83915373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.227.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052272/; classtype:trojan-activity;sid:83915372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.58.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052271/; classtype:trojan-activity;sid:83915371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.152.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052270/; classtype:trojan-activity;sid:83915370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052269/; classtype:trojan-activity;sid:83915369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052268/; classtype:trojan-activity;sid:83915368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052267/; classtype:trojan-activity;sid:83915367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052266)"; flow:established,from_client; content:"GET"; http_method; content:"/95095/tnb/hc.hc.hc.hc.hchchchch.doc"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"103.161.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052266/; classtype:trojan-activity;sid:83915366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.135.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052265/; classtype:trojan-activity;sid:83915365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.55.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052264/; classtype:trojan-activity;sid:83915364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.156.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052263/; classtype:trojan-activity;sid:83915363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.154.251.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052261/; classtype:trojan-activity;sid:83915361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052262/; classtype:trojan-activity;sid:83915362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.83.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052260/; classtype:trojan-activity;sid:83915360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052259)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ctlr.partners.gloriadeicr.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052259/; classtype:trojan-activity;sid:83915359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052258)"; flow:established,from_client; content:"GET"; http_method; content:"/~lrxwrjig/invoice/let.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cp4-lax1.ultahosts.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052258/; classtype:trojan-activity;sid:83915358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coe.com.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052257/; classtype:trojan-activity;sid:83915357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052256)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669a08aa861a2_filemanager.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052256/; classtype:trojan-activity;sid:83915356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.209.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052255/; classtype:trojan-activity;sid:83915355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.116.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052254/; classtype:trojan-activity;sid:83915354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.203.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052253/; classtype:trojan-activity;sid:83915353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052252/; classtype:trojan-activity;sid:83915352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.93.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052251/; classtype:trojan-activity;sid:83915351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.18.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052248/; classtype:trojan-activity;sid:83915348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.95.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052249/; classtype:trojan-activity;sid:83915349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.119.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052250/; classtype:trojan-activity;sid:83915350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.79.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052247/; classtype:trojan-activity;sid:83915347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.240.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052246/; classtype:trojan-activity;sid:83915346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.7.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052245/; classtype:trojan-activity;sid:83915345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.60.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052244/; classtype:trojan-activity;sid:83915344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.172.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052243/; classtype:trojan-activity;sid:83915343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.183.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052242/; classtype:trojan-activity;sid:83915342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.5.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052241/; classtype:trojan-activity;sid:83915341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052240/; classtype:trojan-activity;sid:83915340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.124.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052239/; classtype:trojan-activity;sid:83915339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.208.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052238/; classtype:trojan-activity;sid:83915338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.237.40.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052237/; classtype:trojan-activity;sid:83915337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052235)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.181.0.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052235/; classtype:trojan-activity;sid:83915335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052236)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.181.0.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052236/; classtype:trojan-activity;sid:83915336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052230)"; flow:established,from_client; content:"GET"; http_method; content:"/m540vl.7z"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"litter.catbox.moe"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052230/; classtype:trojan-activity;sid:83915330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052231)"; flow:established,from_client; content:"GET"; http_method; content:"/54icqu.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"litter.catbox.moe"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052231/; classtype:trojan-activity;sid:83915331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052232)"; flow:established,from_client; content:"GET"; http_method; content:"/0ldn9i.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"litter.catbox.moe"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052232/; classtype:trojan-activity;sid:83915332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.88.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052233/; classtype:trojan-activity;sid:83915333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052234)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.59.30.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052234/; classtype:trojan-activity;sid:83915334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052229)"; flow:established,from_client; content:"GET"; http_method; content:"/x83ivt.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"litter.catbox.moe"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052229/; classtype:trojan-activity;sid:83915329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.243.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052228/; classtype:trojan-activity;sid:83915328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.158.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052227/; classtype:trojan-activity;sid:83915327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052226)"; flow:established,from_client; content:"GET"; http_method; content:"/w1/x.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"contadorweb.pro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052226/; classtype:trojan-activity;sid:83915326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052225)"; flow:established,from_client; content:"GET"; http_method; content:"/media/favicon/default/dr/sorrisadr.png"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"134.147.31.34.bc.googleusercontent.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052225/; classtype:trojan-activity;sid:83915325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052224)"; flow:established,from_client; content:"GET"; http_method; content:"/18.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.246.138.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052224/; classtype:trojan-activity;sid:83915324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052222)"; flow:established,from_client; content:"GET"; http_method; content:"/xx/milieuskadeligst.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"se.elof7.za.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052222/; classtype:trojan-activity;sid:83915322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052223)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1260000575081156649/1262766114727919626/worldwars.rar|3f|ex=66991b96|7c|26|7c|is=6697ca16|7c|26|7c|hm=5f8ecc6473145fcd63d2914320ef0e788000b853c4759955648666ef58f0822d|7c|26|7c|"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052223/; classtype:trojan-activity;sid:83915323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.114.84.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052221/; classtype:trojan-activity;sid:83915321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052220/; classtype:trojan-activity;sid:83915320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.55.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052219/; classtype:trojan-activity;sid:83915319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.195.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052218/; classtype:trojan-activity;sid:83915318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.95.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052217/; classtype:trojan-activity;sid:83915317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.33.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052216/; classtype:trojan-activity;sid:83915316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052214/; classtype:trojan-activity;sid:83915314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.192.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052215/; classtype:trojan-activity;sid:83915315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.156.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052213/; classtype:trojan-activity;sid:83915313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.150.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052212/; classtype:trojan-activity;sid:83915312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.44.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052211/; classtype:trojan-activity;sid:83915311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.186.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052210/; classtype:trojan-activity;sid:83915310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.33.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052209/; classtype:trojan-activity;sid:83915309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.98.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052208/; classtype:trojan-activity;sid:83915308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.83.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052207/; classtype:trojan-activity;sid:83915307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052205/; classtype:trojan-activity;sid:83915305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052206/; classtype:trojan-activity;sid:83915306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.116.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052204/; classtype:trojan-activity;sid:83915304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.238.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052203/; classtype:trojan-activity;sid:83915303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.157.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052202/; classtype:trojan-activity;sid:83915302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052200/; classtype:trojan-activity;sid:83915300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.216.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052201/; classtype:trojan-activity;sid:83915301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.221.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052199/; classtype:trojan-activity;sid:83915299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052198/; classtype:trojan-activity;sid:83915298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.19.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052197/; classtype:trojan-activity;sid:83915297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.93.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052195/; classtype:trojan-activity;sid:83915295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.167.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052196/; classtype:trojan-activity;sid:83915296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052194/; classtype:trojan-activity;sid:83915294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.93.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052193/; classtype:trojan-activity;sid:83915293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.209.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052192/; classtype:trojan-activity;sid:83915292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052188)"; flow:established,from_client; content:"GET"; http_method; content:"/8405906461a5200c/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052188/; classtype:trojan-activity;sid:83915288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052189)"; flow:established,from_client; content:"GET"; http_method; content:"/8405906461a5200c/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052189/; classtype:trojan-activity;sid:83915289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052190)"; flow:established,from_client; content:"GET"; http_method; content:"/8405906461a5200c/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052190/; classtype:trojan-activity;sid:83915290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052191)"; flow:established,from_client; content:"GET"; http_method; content:"/8405906461a5200c/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"85.28.47.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052191/; classtype:trojan-activity;sid:83915291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052185)"; flow:established,from_client; content:"GET"; http_method; content:"/8405906461a5200c/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052185/; classtype:trojan-activity;sid:83915285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052186)"; flow:established,from_client; content:"GET"; http_method; content:"/8405906461a5200c/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052186/; classtype:trojan-activity;sid:83915286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052187)"; flow:established,from_client; content:"GET"; http_method; content:"/8405906461a5200c/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"85.28.47.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052187/; classtype:trojan-activity;sid:83915287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.155.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052183/; classtype:trojan-activity;sid:83915283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.98.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052184/; classtype:trojan-activity;sid:83915284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052182)"; flow:established,from_client; content:"GET"; http_method; content:"/newwork.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.137.192.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052182/; classtype:trojan-activity;sid:83915282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.28.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052181/; classtype:trojan-activity;sid:83915281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.27.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052180/; classtype:trojan-activity;sid:83915280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.5.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052179/; classtype:trojan-activity;sid:83915279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.45.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052178/; classtype:trojan-activity;sid:83915278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.44.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052177/; classtype:trojan-activity;sid:83915277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.26.200"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052176/; classtype:trojan-activity;sid:83915276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.148.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052175/; classtype:trojan-activity;sid:83915275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.34.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052174/; classtype:trojan-activity;sid:83915274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.40.86.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052173/; classtype:trojan-activity;sid:83915273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.39.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052172/; classtype:trojan-activity;sid:83915272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.139.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052171/; classtype:trojan-activity;sid:83915271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052170/; classtype:trojan-activity;sid:83915270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.129.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052168/; classtype:trojan-activity;sid:83915268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.18.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052169/; classtype:trojan-activity;sid:83915269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052167/; classtype:trojan-activity;sid:83915267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.37.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052166/; classtype:trojan-activity;sid:83915266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.6.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052165/; classtype:trojan-activity;sid:83915265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052162/; classtype:trojan-activity;sid:83915262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.156.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052163/; classtype:trojan-activity;sid:83915263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.251.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052164/; classtype:trojan-activity;sid:83915264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.139.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052161/; classtype:trojan-activity;sid:83915261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.226.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052159/; classtype:trojan-activity;sid:83915259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.32.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052160/; classtype:trojan-activity;sid:83915260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.114.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052158/; classtype:trojan-activity;sid:83915258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.202.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052157/; classtype:trojan-activity;sid:83915257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052156/; classtype:trojan-activity;sid:83915256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.148.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052155/; classtype:trojan-activity;sid:83915255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.193.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052153/; classtype:trojan-activity;sid:83915253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.133.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052154/; classtype:trojan-activity;sid:83915254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052152/; classtype:trojan-activity;sid:83915252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.79.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052151/; classtype:trojan-activity;sid:83915251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.215.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052150/; classtype:trojan-activity;sid:83915250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.167.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052149/; classtype:trojan-activity;sid:83915249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.82.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052148/; classtype:trojan-activity;sid:83915248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.93.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052147/; classtype:trojan-activity;sid:83915247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.131.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052146/; classtype:trojan-activity;sid:83915246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.132.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052145/; classtype:trojan-activity;sid:83915245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.184.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052144/; classtype:trojan-activity;sid:83915244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052142/; classtype:trojan-activity;sid:83915242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052143/; classtype:trojan-activity;sid:83915243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.235.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052141/; classtype:trojan-activity;sid:83915241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.27.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052140/; classtype:trojan-activity;sid:83915240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.207.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052139/; classtype:trojan-activity;sid:83915239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.240.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052138/; classtype:trojan-activity;sid:83915238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.36.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052136/; classtype:trojan-activity;sid:83915236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.66.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052137/; classtype:trojan-activity;sid:83915237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.221.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052135/; classtype:trojan-activity;sid:83915235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052134/; classtype:trojan-activity;sid:83915234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052133/; classtype:trojan-activity;sid:83915233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.243.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052132/; classtype:trojan-activity;sid:83915232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052131/; classtype:trojan-activity;sid:83915231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.209.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052130/; classtype:trojan-activity;sid:83915230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.0.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052129/; classtype:trojan-activity;sid:83915229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.205.231.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052128/; classtype:trojan-activity;sid:83915228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.183.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052127/; classtype:trojan-activity;sid:83915227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.251.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052126/; classtype:trojan-activity;sid:83915226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052125/; classtype:trojan-activity;sid:83915225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.19.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052124/; classtype:trojan-activity;sid:83915224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.168.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052122/; classtype:trojan-activity;sid:83915222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.138.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052123/; classtype:trojan-activity;sid:83915223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.139.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052121/; classtype:trojan-activity;sid:83915221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052115/; classtype:trojan-activity;sid:83915215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052116/; classtype:trojan-activity;sid:83915216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052117/; classtype:trojan-activity;sid:83915217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052118)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052118/; classtype:trojan-activity;sid:83915218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052119/; classtype:trojan-activity;sid:83915219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052120/; classtype:trojan-activity;sid:83915220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052114/; classtype:trojan-activity;sid:83915214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052113/; classtype:trojan-activity;sid:83915213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052112/; classtype:trojan-activity;sid:83915212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052111/; classtype:trojan-activity;sid:83915211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.133.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052110/; classtype:trojan-activity;sid:83915210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.56.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052109/; classtype:trojan-activity;sid:83915209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.118.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052108/; classtype:trojan-activity;sid:83915208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.131.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052107/; classtype:trojan-activity;sid:83915207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.79.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052105/; classtype:trojan-activity;sid:83915205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.209.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052106/; classtype:trojan-activity;sid:83915206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.74.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052104/; classtype:trojan-activity;sid:83915204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052102/; classtype:trojan-activity;sid:83915202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.14.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052103/; classtype:trojan-activity;sid:83915203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052101/; classtype:trojan-activity;sid:83915201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052100/; classtype:trojan-activity;sid:83915200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.133.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052099/; classtype:trojan-activity;sid:83915199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.0.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052098/; classtype:trojan-activity;sid:83915198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.56.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052097/; classtype:trojan-activity;sid:83915197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.36.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052096/; classtype:trojan-activity;sid:83915196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.66.68.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052095/; classtype:trojan-activity;sid:83915195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.235.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052093/; classtype:trojan-activity;sid:83915193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.4.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052094/; classtype:trojan-activity;sid:83915194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052092/; classtype:trojan-activity;sid:83915192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.145.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052091/; classtype:trojan-activity;sid:83915191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.215.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052090/; classtype:trojan-activity;sid:83915190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.251.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052089/; classtype:trojan-activity;sid:83915189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.16.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052087/; classtype:trojan-activity;sid:83915187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.92.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052088/; classtype:trojan-activity;sid:83915188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.56.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052085/; classtype:trojan-activity;sid:83915185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.191.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052086/; classtype:trojan-activity;sid:83915186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.41.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052084/; classtype:trojan-activity;sid:83915184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052083/; classtype:trojan-activity;sid:83915183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.176.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052082/; classtype:trojan-activity;sid:83915182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.254.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052081/; classtype:trojan-activity;sid:83915181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052079/; classtype:trojan-activity;sid:83915179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052080/; classtype:trojan-activity;sid:83915180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.56.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052078/; classtype:trojan-activity;sid:83915178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.60.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052077/; classtype:trojan-activity;sid:83915177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.45.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052076/; classtype:trojan-activity;sid:83915176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.39.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052075/; classtype:trojan-activity;sid:83915175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.74.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052074/; classtype:trojan-activity;sid:83915174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052073/; classtype:trojan-activity;sid:83915173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.101.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052072/; classtype:trojan-activity;sid:83915172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.90.163"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052071/; classtype:trojan-activity;sid:83915171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.2.23"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052070/; classtype:trojan-activity;sid:83915170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052069/; classtype:trojan-activity;sid:83915169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.48.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052068/; classtype:trojan-activity;sid:83915168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.157.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052067/; classtype:trojan-activity;sid:83915167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.143.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052064/; classtype:trojan-activity;sid:83915164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052065/; classtype:trojan-activity;sid:83915165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.0.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052066/; classtype:trojan-activity;sid:83915166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.65.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052063/; classtype:trojan-activity;sid:83915163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.163.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052062/; classtype:trojan-activity;sid:83915162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.145.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052061/; classtype:trojan-activity;sid:83915161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.209.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052060/; classtype:trojan-activity;sid:83915160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.167.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052059/; classtype:trojan-activity;sid:83915159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.235.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052058/; classtype:trojan-activity;sid:83915158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.6.211.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052057/; classtype:trojan-activity;sid:83915157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.13.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052055/; classtype:trojan-activity;sid:83915155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.187.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052056/; classtype:trojan-activity;sid:83915156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.4.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052054/; classtype:trojan-activity;sid:83915154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.191.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052053/; classtype:trojan-activity;sid:83915153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.171.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052052/; classtype:trojan-activity;sid:83915152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.227.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052051/; classtype:trojan-activity;sid:83915151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052050/; classtype:trojan-activity;sid:83915150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.143.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052049/; classtype:trojan-activity;sid:83915149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052048/; classtype:trojan-activity;sid:83915148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052047/; classtype:trojan-activity;sid:83915147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.145.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052046/; classtype:trojan-activity;sid:83915146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.239.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052045/; classtype:trojan-activity;sid:83915145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052044/; classtype:trojan-activity;sid:83915144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.76.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052043/; classtype:trojan-activity;sid:83915143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.41.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052042/; classtype:trojan-activity;sid:83915142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.158.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052041/; classtype:trojan-activity;sid:83915141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.168.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052040/; classtype:trojan-activity;sid:83915140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.87.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052039/; classtype:trojan-activity;sid:83915139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052038/; classtype:trojan-activity;sid:83915138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.219.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052036/; classtype:trojan-activity;sid:83915136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052037/; classtype:trojan-activity;sid:83915137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.94.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052035/; classtype:trojan-activity;sid:83915135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.178.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052034/; classtype:trojan-activity;sid:83915134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052033/; classtype:trojan-activity;sid:83915133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.127.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052032/; classtype:trojan-activity;sid:83915132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.56.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052031/; classtype:trojan-activity;sid:83915131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.162.215.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052028/; classtype:trojan-activity;sid:83915128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.79.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052029/; classtype:trojan-activity;sid:83915129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.143.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052030/; classtype:trojan-activity;sid:83915130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.45.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052027/; classtype:trojan-activity;sid:83915127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052026/; classtype:trojan-activity;sid:83915126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.114.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052025/; classtype:trojan-activity;sid:83915125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052024/; classtype:trojan-activity;sid:83915124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052023/; classtype:trojan-activity;sid:83915123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.14.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052022/; classtype:trojan-activity;sid:83915122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.114.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052021/; classtype:trojan-activity;sid:83915121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.163.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052020/; classtype:trojan-activity;sid:83915120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052019/; classtype:trojan-activity;sid:83915119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052018/; classtype:trojan-activity;sid:83915118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.186.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052017/; classtype:trojan-activity;sid:83915117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052016/; classtype:trojan-activity;sid:83915116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.60.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052015/; classtype:trojan-activity;sid:83915115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.54.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052014/; classtype:trojan-activity;sid:83915114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.235.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052013/; classtype:trojan-activity;sid:83915113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.101.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052012/; classtype:trojan-activity;sid:83915112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.6.211.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052011/; classtype:trojan-activity;sid:83915111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052010/; classtype:trojan-activity;sid:83915110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052009)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.126.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052009/; classtype:trojan-activity;sid:83915109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052008/; classtype:trojan-activity;sid:83915108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.214.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052007/; classtype:trojan-activity;sid:83915107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052006/; classtype:trojan-activity;sid:83915106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.219.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052005/; classtype:trojan-activity;sid:83915105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052004/; classtype:trojan-activity;sid:83915104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.0.60.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052003/; classtype:trojan-activity;sid:83915103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.212.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052002/; classtype:trojan-activity;sid:83915102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.215.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052001/; classtype:trojan-activity;sid:83915101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.195.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052000/; classtype:trojan-activity;sid:83915100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051999/; classtype:trojan-activity;sid:83915099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.54.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051998/; classtype:trojan-activity;sid:83915098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.178.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051997/; classtype:trojan-activity;sid:83915097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.90.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051996/; classtype:trojan-activity;sid:83915096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.117.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051995/; classtype:trojan-activity;sid:83915095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.114.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051994/; classtype:trojan-activity;sid:83915094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.178.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051993/; classtype:trojan-activity;sid:83915093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.59.248.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051991/; classtype:trojan-activity;sid:83915091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.237.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051992/; classtype:trojan-activity;sid:83915092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.247.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051990/; classtype:trojan-activity;sid:83915090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.71.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051988/; classtype:trojan-activity;sid:83915088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051989/; classtype:trojan-activity;sid:83915089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.101.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051987/; classtype:trojan-activity;sid:83915087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.22.217.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051986/; classtype:trojan-activity;sid:83915086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.117.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051984/; classtype:trojan-activity;sid:83915084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.36.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051985/; classtype:trojan-activity;sid:83915085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.104.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051983/; classtype:trojan-activity;sid:83915083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.64.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051982/; classtype:trojan-activity;sid:83915082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.223.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051980/; classtype:trojan-activity;sid:83915080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.119.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051981/; classtype:trojan-activity;sid:83915081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051979/; classtype:trojan-activity;sid:83915079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.137.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051978/; classtype:trojan-activity;sid:83915078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.68.130.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051977/; classtype:trojan-activity;sid:83915077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051976/; classtype:trojan-activity;sid:83915076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051975/; classtype:trojan-activity;sid:83915075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.222.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051974/; classtype:trojan-activity;sid:83915074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.151.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051973/; classtype:trojan-activity;sid:83915073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.215.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051972/; classtype:trojan-activity;sid:83915072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.47.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051971/; classtype:trojan-activity;sid:83915071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.60.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051970/; classtype:trojan-activity;sid:83915070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051969/; classtype:trojan-activity;sid:83915069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.119.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051966/; classtype:trojan-activity;sid:83915066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.11.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051967/; classtype:trojan-activity;sid:83915067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.108.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051968/; classtype:trojan-activity;sid:83915068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.124.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051965/; classtype:trojan-activity;sid:83915065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.255.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051964/; classtype:trojan-activity;sid:83915064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.71.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051962/; classtype:trojan-activity;sid:83915062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.19.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051963/; classtype:trojan-activity;sid:83915063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051961/; classtype:trojan-activity;sid:83915061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051960/; classtype:trojan-activity;sid:83915060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.195.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051959/; classtype:trojan-activity;sid:83915059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.114.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051958/; classtype:trojan-activity;sid:83915058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051957/; classtype:trojan-activity;sid:83915057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.126.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051955/; classtype:trojan-activity;sid:83915055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.117.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051956/; classtype:trojan-activity;sid:83915056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051954/; classtype:trojan-activity;sid:83915054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.84.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051953/; classtype:trojan-activity;sid:83915053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.248.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051952/; classtype:trojan-activity;sid:83915052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.61.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051951/; classtype:trojan-activity;sid:83915051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.21.174.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051950/; classtype:trojan-activity;sid:83915050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.24.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051949/; classtype:trojan-activity;sid:83915049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.148.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051948/; classtype:trojan-activity;sid:83915048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051947/; classtype:trojan-activity;sid:83915047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.130.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051946/; classtype:trojan-activity;sid:83915046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.87.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051945/; classtype:trojan-activity;sid:83915045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.223.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051944/; classtype:trojan-activity;sid:83915044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.35.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051943/; classtype:trojan-activity;sid:83915043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.95.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051942/; classtype:trojan-activity;sid:83915042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051941/; classtype:trojan-activity;sid:83915041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051940/; classtype:trojan-activity;sid:83915040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.174.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051939/; classtype:trojan-activity;sid:83915039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.135.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051938/; classtype:trojan-activity;sid:83915038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.21.174.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051937/; classtype:trojan-activity;sid:83915037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.195.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051936/; classtype:trojan-activity;sid:83915036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051935/; classtype:trojan-activity;sid:83915035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051933/; classtype:trojan-activity;sid:83915033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.251.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051934/; classtype:trojan-activity;sid:83915034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.26.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051931/; classtype:trojan-activity;sid:83915031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.149.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051932/; classtype:trojan-activity;sid:83915032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.16.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051930/; classtype:trojan-activity;sid:83915030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.176.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051929/; classtype:trojan-activity;sid:83915029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.118.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051928/; classtype:trojan-activity;sid:83915028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.103.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051927/; classtype:trojan-activity;sid:83915027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.226.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051926/; classtype:trojan-activity;sid:83915026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051925/; classtype:trojan-activity;sid:83915025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.143.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051924/; classtype:trojan-activity;sid:83915024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.74.226.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051923/; classtype:trojan-activity;sid:83915023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051922/; classtype:trojan-activity;sid:83915022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.242.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051921/; classtype:trojan-activity;sid:83915021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.247.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051920/; classtype:trojan-activity;sid:83915020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.186.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051919/; classtype:trojan-activity;sid:83915019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051917/; classtype:trojan-activity;sid:83915017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.110.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051918/; classtype:trojan-activity;sid:83915018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051915/; classtype:trojan-activity;sid:83915015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.19.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051916/; classtype:trojan-activity;sid:83915016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.126.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051914/; classtype:trojan-activity;sid:83915014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.123.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051913/; classtype:trojan-activity;sid:83915013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051912/; classtype:trojan-activity;sid:83915012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.117.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051911/; classtype:trojan-activity;sid:83915011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.147.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051910/; classtype:trojan-activity;sid:83915010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.61.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051909/; classtype:trojan-activity;sid:83915009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.193.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051908/; classtype:trojan-activity;sid:83915008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051906/; classtype:trojan-activity;sid:83915006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.148.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051907/; classtype:trojan-activity;sid:83915007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.233.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051904/; classtype:trojan-activity;sid:83915004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.140.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051905/; classtype:trojan-activity;sid:83915005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.47.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051903/; classtype:trojan-activity;sid:83915003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.124.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051902/; classtype:trojan-activity;sid:83915002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.55.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051901/; classtype:trojan-activity;sid:83915001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.29.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051899/; classtype:trojan-activity;sid:83914999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.43.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051900/; classtype:trojan-activity;sid:83915000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.131.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051898/; classtype:trojan-activity;sid:83914998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051897/; classtype:trojan-activity;sid:83914997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.149.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051896/; classtype:trojan-activity;sid:83914996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051895/; classtype:trojan-activity;sid:83914995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.25.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051894/; classtype:trojan-activity;sid:83914994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.190.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051892/; classtype:trojan-activity;sid:83914992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.249.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051893/; classtype:trojan-activity;sid:83914993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051891/; classtype:trojan-activity;sid:83914991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.9.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051890/; classtype:trojan-activity;sid:83914990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.174.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051889/; classtype:trojan-activity;sid:83914989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.70.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051888/; classtype:trojan-activity;sid:83914988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.231.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051887/; classtype:trojan-activity;sid:83914987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.135.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051886/; classtype:trojan-activity;sid:83914986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.193.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051885/; classtype:trojan-activity;sid:83914985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.127.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051884/; classtype:trojan-activity;sid:83914984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.209.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051883/; classtype:trojan-activity;sid:83914983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.35.164.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051882/; classtype:trojan-activity;sid:83914982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.95.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051881/; classtype:trojan-activity;sid:83914981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.159.84.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051880/; classtype:trojan-activity;sid:83914980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051879/; classtype:trojan-activity;sid:83914979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.157.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051878/; classtype:trojan-activity;sid:83914978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.143.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051876/; classtype:trojan-activity;sid:83914976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.191.82.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051877/; classtype:trojan-activity;sid:83914977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051875/; classtype:trojan-activity;sid:83914975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.150.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051874/; classtype:trojan-activity;sid:83914974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.100.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051872/; classtype:trojan-activity;sid:83914972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.163.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051873/; classtype:trojan-activity;sid:83914973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051871/; classtype:trojan-activity;sid:83914971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.27.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051870/; classtype:trojan-activity;sid:83914970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051869/; classtype:trojan-activity;sid:83914969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051864/; classtype:trojan-activity;sid:83914964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.126.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051865/; classtype:trojan-activity;sid:83914965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051866/; classtype:trojan-activity;sid:83914966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051867/; classtype:trojan-activity;sid:83914967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.177.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051868/; classtype:trojan-activity;sid:83914968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.12.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051863/; classtype:trojan-activity;sid:83914963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051862/; classtype:trojan-activity;sid:83914962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.233.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051861/; classtype:trojan-activity;sid:83914961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.231.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051860/; classtype:trojan-activity;sid:83914960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.55.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051859/; classtype:trojan-activity;sid:83914959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051858/; classtype:trojan-activity;sid:83914958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.25.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051857/; classtype:trojan-activity;sid:83914957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051856/; classtype:trojan-activity;sid:83914956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051854/; classtype:trojan-activity;sid:83914954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051855/; classtype:trojan-activity;sid:83914955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051853/; classtype:trojan-activity;sid:83914953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.35.164.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051852/; classtype:trojan-activity;sid:83914952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.196.118.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051851/; classtype:trojan-activity;sid:83914951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.127.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051850/; classtype:trojan-activity;sid:83914950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.9.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051849/; classtype:trojan-activity;sid:83914949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.193.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051848/; classtype:trojan-activity;sid:83914948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.159.84.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051847/; classtype:trojan-activity;sid:83914947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.156.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051846/; classtype:trojan-activity;sid:83914946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.150.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051845/; classtype:trojan-activity;sid:83914945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.82.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051844/; classtype:trojan-activity;sid:83914944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051843/; classtype:trojan-activity;sid:83914943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.41.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051842/; classtype:trojan-activity;sid:83914942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051841/; classtype:trojan-activity;sid:83914941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051840/; classtype:trojan-activity;sid:83914940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.177.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051839/; classtype:trojan-activity;sid:83914939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.126.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051838/; classtype:trojan-activity;sid:83914938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.124.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051837/; classtype:trojan-activity;sid:83914937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.94.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051836/; classtype:trojan-activity;sid:83914936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051835/; classtype:trojan-activity;sid:83914935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051834/; classtype:trojan-activity;sid:83914934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.161.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051832/; classtype:trojan-activity;sid:83914932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.181.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051833/; classtype:trojan-activity;sid:83914933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.46.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051831/; classtype:trojan-activity;sid:83914931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051830/; classtype:trojan-activity;sid:83914930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.70.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051829/; classtype:trojan-activity;sid:83914929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.47.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051828/; classtype:trojan-activity;sid:83914928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051827/; classtype:trojan-activity;sid:83914927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.36.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051826/; classtype:trojan-activity;sid:83914926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.64.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051825/; classtype:trojan-activity;sid:83914925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.88.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051822/; classtype:trojan-activity;sid:83914922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.88.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051823/; classtype:trojan-activity;sid:83914923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.125.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051824/; classtype:trojan-activity;sid:83914924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.144.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051821/; classtype:trojan-activity;sid:83914921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051820/; classtype:trojan-activity;sid:83914920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.202.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051819/; classtype:trojan-activity;sid:83914919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.47.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051818/; classtype:trojan-activity;sid:83914918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.19.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051817/; classtype:trojan-activity;sid:83914917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051816/; classtype:trojan-activity;sid:83914916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051815/; classtype:trojan-activity;sid:83914915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.206.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051814/; classtype:trojan-activity;sid:83914914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.136.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051813/; classtype:trojan-activity;sid:83914913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051812/; classtype:trojan-activity;sid:83914912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.190.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051811/; classtype:trojan-activity;sid:83914911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.94.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051810/; classtype:trojan-activity;sid:83914910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051809/; classtype:trojan-activity;sid:83914909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.117.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051808/; classtype:trojan-activity;sid:83914908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.206.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051807/; classtype:trojan-activity;sid:83914907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.179.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051806/; classtype:trojan-activity;sid:83914906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.124.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051805/; classtype:trojan-activity;sid:83914905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051804/; classtype:trojan-activity;sid:83914904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.37.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051803/; classtype:trojan-activity;sid:83914903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.47.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051800/; classtype:trojan-activity;sid:83914900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.181.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051801/; classtype:trojan-activity;sid:83914901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.161.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051802/; classtype:trojan-activity;sid:83914902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.105.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051798/; classtype:trojan-activity;sid:83914898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.48.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051799/; classtype:trojan-activity;sid:83914899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.5.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051797/; classtype:trojan-activity;sid:83914897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.125.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051796/; classtype:trojan-activity;sid:83914896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051795/; classtype:trojan-activity;sid:83914895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.183.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051794/; classtype:trojan-activity;sid:83914894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.144.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051793/; classtype:trojan-activity;sid:83914893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051792/; classtype:trojan-activity;sid:83914892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.246.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051791/; classtype:trojan-activity;sid:83914891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.139.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051790/; classtype:trojan-activity;sid:83914890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051789/; classtype:trojan-activity;sid:83914889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.69.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051788/; classtype:trojan-activity;sid:83914888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.118.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051787/; classtype:trojan-activity;sid:83914887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.206.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051786/; classtype:trojan-activity;sid:83914886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051785/; classtype:trojan-activity;sid:83914885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051784/; classtype:trojan-activity;sid:83914884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.19.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051783/; classtype:trojan-activity;sid:83914883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.59.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051782/; classtype:trojan-activity;sid:83914882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.41.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051781/; classtype:trojan-activity;sid:83914881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.44.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051780/; classtype:trojan-activity;sid:83914880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.144.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051779/; classtype:trojan-activity;sid:83914879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.233.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051778/; classtype:trojan-activity;sid:83914878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.37.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051777/; classtype:trojan-activity;sid:83914877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.133.136.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051776/; classtype:trojan-activity;sid:83914876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051775/; classtype:trojan-activity;sid:83914875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051773/; classtype:trojan-activity;sid:83914873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051774/; classtype:trojan-activity;sid:83914874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.47.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051771/; classtype:trojan-activity;sid:83914871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051772/; classtype:trojan-activity;sid:83914872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.249.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051770/; classtype:trojan-activity;sid:83914870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.221.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051769/; classtype:trojan-activity;sid:83914869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.45.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051768/; classtype:trojan-activity;sid:83914868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.55.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051765/; classtype:trojan-activity;sid:83914865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051766/; classtype:trojan-activity;sid:83914866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.171.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051767/; classtype:trojan-activity;sid:83914867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.94.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051764/; classtype:trojan-activity;sid:83914864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.206.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051763/; classtype:trojan-activity;sid:83914863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.99.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051762/; classtype:trojan-activity;sid:83914862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.178.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051761/; classtype:trojan-activity;sid:83914861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.136.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051760/; classtype:trojan-activity;sid:83914860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.105.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051759/; classtype:trojan-activity;sid:83914859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.139.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051758/; classtype:trojan-activity;sid:83914858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.145.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051757/; classtype:trojan-activity;sid:83914857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.199.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051755/; classtype:trojan-activity;sid:83914855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051756/; classtype:trojan-activity;sid:83914856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.29.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051754/; classtype:trojan-activity;sid:83914854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.117.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051753/; classtype:trojan-activity;sid:83914853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.138.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051752/; classtype:trojan-activity;sid:83914852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.88.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051751/; classtype:trojan-activity;sid:83914851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.111.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051750/; classtype:trojan-activity;sid:83914850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.117.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051749/; classtype:trojan-activity;sid:83914849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.173.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051747/; classtype:trojan-activity;sid:83914847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.12.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051748/; classtype:trojan-activity;sid:83914848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.32.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051746/; classtype:trojan-activity;sid:83914846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.121.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051745/; classtype:trojan-activity;sid:83914845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.119.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051744/; classtype:trojan-activity;sid:83914844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.41.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051743/; classtype:trojan-activity;sid:83914843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.223.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051742/; classtype:trojan-activity;sid:83914842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.240.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051741/; classtype:trojan-activity;sid:83914841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.121.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051740/; classtype:trojan-activity;sid:83914840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051739/; classtype:trojan-activity;sid:83914839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.206.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051738/; classtype:trojan-activity;sid:83914838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051737/; classtype:trojan-activity;sid:83914837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.217.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051736/; classtype:trojan-activity;sid:83914836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.193.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051735/; classtype:trojan-activity;sid:83914835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051733/; classtype:trojan-activity;sid:83914833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.162.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051734/; classtype:trojan-activity;sid:83914834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051732/; classtype:trojan-activity;sid:83914832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.205.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051731/; classtype:trojan-activity;sid:83914831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051730/; classtype:trojan-activity;sid:83914830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.95.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051729/; classtype:trojan-activity;sid:83914829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.155.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051728/; classtype:trojan-activity;sid:83914828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.52.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051727/; classtype:trojan-activity;sid:83914827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.29.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051726/; classtype:trojan-activity;sid:83914826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.159.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051725/; classtype:trojan-activity;sid:83914825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051724/; classtype:trojan-activity;sid:83914824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.29.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051723/; classtype:trojan-activity;sid:83914823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051721/; classtype:trojan-activity;sid:83914821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.83.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051722/; classtype:trojan-activity;sid:83914822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.26.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051720/; classtype:trojan-activity;sid:83914820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.32.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051719/; classtype:trojan-activity;sid:83914819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.128.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051718/; classtype:trojan-activity;sid:83914818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051717/; classtype:trojan-activity;sid:83914817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.179.181.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051716/; classtype:trojan-activity;sid:83914816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051715/; classtype:trojan-activity;sid:83914815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.73.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051714/; classtype:trojan-activity;sid:83914814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.9.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051713/; classtype:trojan-activity;sid:83914813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.223.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051712/; classtype:trojan-activity;sid:83914812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.213.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051711/; classtype:trojan-activity;sid:83914811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051710/; classtype:trojan-activity;sid:83914810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051709/; classtype:trojan-activity;sid:83914809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.55.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051708/; classtype:trojan-activity;sid:83914808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.155.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051707/; classtype:trojan-activity;sid:83914807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.83.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051706/; classtype:trojan-activity;sid:83914806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051705/; classtype:trojan-activity;sid:83914805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.54.92.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051704/; classtype:trojan-activity;sid:83914804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.5.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051703/; classtype:trojan-activity;sid:83914803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051702/; classtype:trojan-activity;sid:83914802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.236.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051701/; classtype:trojan-activity;sid:83914801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.165.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051700/; classtype:trojan-activity;sid:83914800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.29.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051699/; classtype:trojan-activity;sid:83914799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.52.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051698/; classtype:trojan-activity;sid:83914798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.159.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051697/; classtype:trojan-activity;sid:83914797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.96.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3051696/; classtype:trojan-activity;sid:83914796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051695/; classtype:trojan-activity;sid:83914795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051694/; classtype:trojan-activity;sid:83914794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051693)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vjplatavj25.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051693/; classtype:trojan-activity;sid:83914793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.10.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051692/; classtype:trojan-activity;sid:83914792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.213.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051691/; classtype:trojan-activity;sid:83914791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.85.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051689/; classtype:trojan-activity;sid:83914789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051690/; classtype:trojan-activity;sid:83914790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.40.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051688/; classtype:trojan-activity;sid:83914788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.45.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051686/; classtype:trojan-activity;sid:83914786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.86.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051687/; classtype:trojan-activity;sid:83914787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.14.57.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051684/; classtype:trojan-activity;sid:83914784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051685/; classtype:trojan-activity;sid:83914785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051683/; classtype:trojan-activity;sid:83914783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051682/; classtype:trojan-activity;sid:83914782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051681/; classtype:trojan-activity;sid:83914781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.94.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051680/; classtype:trojan-activity;sid:83914780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.3.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051678/; classtype:trojan-activity;sid:83914778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.165.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051679/; classtype:trojan-activity;sid:83914779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.85.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051677/; classtype:trojan-activity;sid:83914777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051676/; classtype:trojan-activity;sid:83914776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051675/; classtype:trojan-activity;sid:83914775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051674/; classtype:trojan-activity;sid:83914774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051673/; classtype:trojan-activity;sid:83914773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051672/; classtype:trojan-activity;sid:83914772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.86.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051671/; classtype:trojan-activity;sid:83914771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.171.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051670/; classtype:trojan-activity;sid:83914770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.172.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051669/; classtype:trojan-activity;sid:83914769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.71.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051667/; classtype:trojan-activity;sid:83914767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.173.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051668/; classtype:trojan-activity;sid:83914768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.196.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051666/; classtype:trojan-activity;sid:83914766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.77.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051665/; classtype:trojan-activity;sid:83914765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051664/; classtype:trojan-activity;sid:83914764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.227.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051663/; classtype:trojan-activity;sid:83914763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.149.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051662/; classtype:trojan-activity;sid:83914762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.1.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051661/; classtype:trojan-activity;sid:83914761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.147.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051659/; classtype:trojan-activity;sid:83914759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.100.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051660/; classtype:trojan-activity;sid:83914760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.179.181.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051658/; classtype:trojan-activity;sid:83914758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051657/; classtype:trojan-activity;sid:83914757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051655/; classtype:trojan-activity;sid:83914755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.174.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051656/; classtype:trojan-activity;sid:83914756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.255.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051654/; classtype:trojan-activity;sid:83914754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.162.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051653/; classtype:trojan-activity;sid:83914753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.54.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051652/; classtype:trojan-activity;sid:83914752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051651)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-plugins/do0ntworryx1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"excelautomationsolutions.in"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051651/; classtype:trojan-activity;sid:83914751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051649/; classtype:trojan-activity;sid:83914749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.186.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051650/; classtype:trojan-activity;sid:83914750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"namphuctourist.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051648/; classtype:trojan-activity;sid:83914748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.198.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051647/; classtype:trojan-activity;sid:83914747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.94.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051645/; classtype:trojan-activity;sid:83914745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051646/; classtype:trojan-activity;sid:83914746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.3.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051644/; classtype:trojan-activity;sid:83914744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.173.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051643/; classtype:trojan-activity;sid:83914743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.191.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051642/; classtype:trojan-activity;sid:83914742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051641/; classtype:trojan-activity;sid:83914741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.208.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051640/; classtype:trojan-activity;sid:83914740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.210.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051639/; classtype:trojan-activity;sid:83914739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.77.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051638/; classtype:trojan-activity;sid:83914738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.196.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051637/; classtype:trojan-activity;sid:83914737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.145.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051636/; classtype:trojan-activity;sid:83914736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051635/; classtype:trojan-activity;sid:83914735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.21.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051634/; classtype:trojan-activity;sid:83914734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.185.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051633/; classtype:trojan-activity;sid:83914733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.106.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051632/; classtype:trojan-activity;sid:83914732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.91.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051631/; classtype:trojan-activity;sid:83914731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051630/; classtype:trojan-activity;sid:83914730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.86.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051629/; classtype:trojan-activity;sid:83914729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.147.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051628/; classtype:trojan-activity;sid:83914728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.221.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051627/; classtype:trojan-activity;sid:83914727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.248.102.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051626/; classtype:trojan-activity;sid:83914726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.41.30.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051625/; classtype:trojan-activity;sid:83914725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.235.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051624/; classtype:trojan-activity;sid:83914724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.122.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051623/; classtype:trojan-activity;sid:83914723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.227.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051622/; classtype:trojan-activity;sid:83914722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.106.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051621/; classtype:trojan-activity;sid:83914721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.144.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051620/; classtype:trojan-activity;sid:83914720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.210.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051619/; classtype:trojan-activity;sid:83914719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.109.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051618/; classtype:trojan-activity;sid:83914718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051617/; classtype:trojan-activity;sid:83914717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.0.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051616/; classtype:trojan-activity;sid:83914716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.191.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051615/; classtype:trojan-activity;sid:83914715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.105.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051614/; classtype:trojan-activity;sid:83914714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.186.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051613/; classtype:trojan-activity;sid:83914713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051612/; classtype:trojan-activity;sid:83914712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.187.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051611/; classtype:trojan-activity;sid:83914711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.145.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051610/; classtype:trojan-activity;sid:83914710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051608/; classtype:trojan-activity;sid:83914708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.186.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051609/; classtype:trojan-activity;sid:83914709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.44.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051607/; classtype:trojan-activity;sid:83914707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.215.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051606/; classtype:trojan-activity;sid:83914706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051604/; classtype:trojan-activity;sid:83914704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.150.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051605/; classtype:trojan-activity;sid:83914705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051603/; classtype:trojan-activity;sid:83914703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.210.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051602/; classtype:trojan-activity;sid:83914702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.41.30.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051600/; classtype:trojan-activity;sid:83914700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.193.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051601/; classtype:trojan-activity;sid:83914701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.221.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051599/; classtype:trojan-activity;sid:83914699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051598/; classtype:trojan-activity;sid:83914698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.123.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051597/; classtype:trojan-activity;sid:83914697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.210.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051596/; classtype:trojan-activity;sid:83914696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.5.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051595/; classtype:trojan-activity;sid:83914695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051594/; classtype:trojan-activity;sid:83914694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051593/; classtype:trojan-activity;sid:83914693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.215.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051592/; classtype:trojan-activity;sid:83914692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.221.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051591/; classtype:trojan-activity;sid:83914691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.165.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051590/; classtype:trojan-activity;sid:83914690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.233.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051589/; classtype:trojan-activity;sid:83914689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.34.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051588/; classtype:trojan-activity;sid:83914688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051587/; classtype:trojan-activity;sid:83914687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.18.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051586/; classtype:trojan-activity;sid:83914686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.164.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051585/; classtype:trojan-activity;sid:83914685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.37.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051584/; classtype:trojan-activity;sid:83914684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051583/; classtype:trojan-activity;sid:83914683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.194.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051582/; classtype:trojan-activity;sid:83914682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.178.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051581/; classtype:trojan-activity;sid:83914681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051580/; classtype:trojan-activity;sid:83914680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.85.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051579/; classtype:trojan-activity;sid:83914679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.133.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051578/; classtype:trojan-activity;sid:83914678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.86.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051577/; classtype:trojan-activity;sid:83914677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051576/; classtype:trojan-activity;sid:83914676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.251.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051575/; classtype:trojan-activity;sid:83914675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.193.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051574/; classtype:trojan-activity;sid:83914674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.99.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051573/; classtype:trojan-activity;sid:83914673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.143.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051572/; classtype:trojan-activity;sid:83914672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.61.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051571/; classtype:trojan-activity;sid:83914671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.165.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051570/; classtype:trojan-activity;sid:83914670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.123.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051569/; classtype:trojan-activity;sid:83914669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.110.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051568/; classtype:trojan-activity;sid:83914668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.225.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051567/; classtype:trojan-activity;sid:83914667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.172.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051566/; classtype:trojan-activity;sid:83914666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.157.144.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051565/; classtype:trojan-activity;sid:83914665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.55.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051563/; classtype:trojan-activity;sid:83914663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.7.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051564/; classtype:trojan-activity;sid:83914664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.221.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051562/; classtype:trojan-activity;sid:83914662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.67.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051561/; classtype:trojan-activity;sid:83914661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.18.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051560/; classtype:trojan-activity;sid:83914660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.199.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051559/; classtype:trojan-activity;sid:83914659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.127.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051557/; classtype:trojan-activity;sid:83914657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.235.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051558/; classtype:trojan-activity;sid:83914658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.236.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051556/; classtype:trojan-activity;sid:83914656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.233.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051555/; classtype:trojan-activity;sid:83914655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.122.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051554/; classtype:trojan-activity;sid:83914654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.128.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051553/; classtype:trojan-activity;sid:83914653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.150.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051551/; classtype:trojan-activity;sid:83914651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.241.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051552/; classtype:trojan-activity;sid:83914652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.57.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051549/; classtype:trojan-activity;sid:83914649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051550/; classtype:trojan-activity;sid:83914650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.225.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051548/; classtype:trojan-activity;sid:83914648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051547/; classtype:trojan-activity;sid:83914647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051546/; classtype:trojan-activity;sid:83914646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051545/; classtype:trojan-activity;sid:83914645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.61.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051544/; classtype:trojan-activity;sid:83914644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.236.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051543/; classtype:trojan-activity;sid:83914643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051542/; classtype:trojan-activity;sid:83914642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.60.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051541/; classtype:trojan-activity;sid:83914641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.110.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051540/; classtype:trojan-activity;sid:83914640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.76.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051539/; classtype:trojan-activity;sid:83914639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.252.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051538/; classtype:trojan-activity;sid:83914638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.45.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051537/; classtype:trojan-activity;sid:83914637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051536/; classtype:trojan-activity;sid:83914636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051535/; classtype:trojan-activity;sid:83914635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.199.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051534/; classtype:trojan-activity;sid:83914634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.67.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051533/; classtype:trojan-activity;sid:83914633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.95.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051531/; classtype:trojan-activity;sid:83914631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.9.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051532/; classtype:trojan-activity;sid:83914632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.128.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051530/; classtype:trojan-activity;sid:83914630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.80.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051529/; classtype:trojan-activity;sid:83914629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.147.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051528/; classtype:trojan-activity;sid:83914628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.86.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051527/; classtype:trojan-activity;sid:83914627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.57.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051526/; classtype:trojan-activity;sid:83914626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.167.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051525/; classtype:trojan-activity;sid:83914625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051524/; classtype:trojan-activity;sid:83914624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.204.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051523/; classtype:trojan-activity;sid:83914623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.6.106"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051522/; classtype:trojan-activity;sid:83914622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.160.191.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051521/; classtype:trojan-activity;sid:83914621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.246.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051520/; classtype:trojan-activity;sid:83914620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.172.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051519/; classtype:trojan-activity;sid:83914619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.123.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051518/; classtype:trojan-activity;sid:83914618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.178.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051517/; classtype:trojan-activity;sid:83914617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.76.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051516/; classtype:trojan-activity;sid:83914616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.27.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051515/; classtype:trojan-activity;sid:83914615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.101.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051514/; classtype:trojan-activity;sid:83914614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.60.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051512/; classtype:trojan-activity;sid:83914612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.55.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051513/; classtype:trojan-activity;sid:83914613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.27.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051511/; classtype:trojan-activity;sid:83914611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.9.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051510/; classtype:trojan-activity;sid:83914610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051509/; classtype:trojan-activity;sid:83914609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051508/; classtype:trojan-activity;sid:83914608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.86.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051507/; classtype:trojan-activity;sid:83914607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051505/; classtype:trojan-activity;sid:83914605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051506/; classtype:trojan-activity;sid:83914606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.60.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051504/; classtype:trojan-activity;sid:83914604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051503/; classtype:trojan-activity;sid:83914603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.207.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051502/; classtype:trojan-activity;sid:83914602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.66.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051501/; classtype:trojan-activity;sid:83914601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051499/; classtype:trojan-activity;sid:83914599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.95.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051500/; classtype:trojan-activity;sid:83914600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.68.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051498/; classtype:trojan-activity;sid:83914598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.123.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051497/; classtype:trojan-activity;sid:83914597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.65.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051496/; classtype:trojan-activity;sid:83914596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.75.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051495/; classtype:trojan-activity;sid:83914595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051494/; classtype:trojan-activity;sid:83914594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.6.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051493/; classtype:trojan-activity;sid:83914593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.16.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051492/; classtype:trojan-activity;sid:83914592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.47.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051491/; classtype:trojan-activity;sid:83914591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051490/; classtype:trojan-activity;sid:83914590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.121.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051489/; classtype:trojan-activity;sid:83914589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051488/; classtype:trojan-activity;sid:83914588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.38.106.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051486/; classtype:trojan-activity;sid:83914586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.65.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051487/; classtype:trojan-activity;sid:83914587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051485/; classtype:trojan-activity;sid:83914585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051484/; classtype:trojan-activity;sid:83914584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.134.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051483/; classtype:trojan-activity;sid:83914583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.77.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051482/; classtype:trojan-activity;sid:83914582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.188.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051481/; classtype:trojan-activity;sid:83914581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.169.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051480/; classtype:trojan-activity;sid:83914580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.183.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051479/; classtype:trojan-activity;sid:83914579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.142.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051478/; classtype:trojan-activity;sid:83914578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.172.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051476/; classtype:trojan-activity;sid:83914576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.117.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051477/; classtype:trojan-activity;sid:83914577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.60.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051475/; classtype:trojan-activity;sid:83914575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.91.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051473/; classtype:trojan-activity;sid:83914573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051474/; classtype:trojan-activity;sid:83914574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.188.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051472/; classtype:trojan-activity;sid:83914572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.171.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051471/; classtype:trojan-activity;sid:83914571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.41.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051469/; classtype:trojan-activity;sid:83914569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.6.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051470/; classtype:trojan-activity;sid:83914570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.221.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051468/; classtype:trojan-activity;sid:83914568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.178.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051467/; classtype:trojan-activity;sid:83914567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.145.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051466/; classtype:trojan-activity;sid:83914566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051465/; classtype:trojan-activity;sid:83914565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051464/; classtype:trojan-activity;sid:83914564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.76.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051463/; classtype:trojan-activity;sid:83914563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.117.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051462/; classtype:trojan-activity;sid:83914562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051461)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lpl.award.vuheritagefoundation.org"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051461/; classtype:trojan-activity;sid:83914561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.13.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051460/; classtype:trojan-activity;sid:83914560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.121.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051459/; classtype:trojan-activity;sid:83914559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051458/; classtype:trojan-activity;sid:83914558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051457/; classtype:trojan-activity;sid:83914557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.65.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051456/; classtype:trojan-activity;sid:83914556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051454/; classtype:trojan-activity;sid:83914554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051455/; classtype:trojan-activity;sid:83914555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.29.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051453/; classtype:trojan-activity;sid:83914553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.92.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051452/; classtype:trojan-activity;sid:83914552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.34.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051451/; classtype:trojan-activity;sid:83914551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.70.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051450/; classtype:trojan-activity;sid:83914550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.225.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051449/; classtype:trojan-activity;sid:83914549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051448/; classtype:trojan-activity;sid:83914548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.230.27.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051447/; classtype:trojan-activity;sid:83914547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.208.180.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051443/; classtype:trojan-activity;sid:83914543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.105.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051444/; classtype:trojan-activity;sid:83914544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.125.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051445/; classtype:trojan-activity;sid:83914545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.60.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051446/; classtype:trojan-activity;sid:83914546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051442/; classtype:trojan-activity;sid:83914542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051440/; classtype:trojan-activity;sid:83914540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.75.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051441/; classtype:trojan-activity;sid:83914541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.60.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051439/; classtype:trojan-activity;sid:83914539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.46.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051438/; classtype:trojan-activity;sid:83914538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.13.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051436/; classtype:trojan-activity;sid:83914536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.76.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051437/; classtype:trojan-activity;sid:83914537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.112.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051435/; classtype:trojan-activity;sid:83914535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.92.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051434/; classtype:trojan-activity;sid:83914534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.84.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051433/; classtype:trojan-activity;sid:83914533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.37.244.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051432/; classtype:trojan-activity;sid:83914532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.79.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051431/; classtype:trojan-activity;sid:83914531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.171.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051429/; classtype:trojan-activity;sid:83914529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051430/; classtype:trojan-activity;sid:83914530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.209.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051428/; classtype:trojan-activity;sid:83914528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051427/; classtype:trojan-activity;sid:83914527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.70.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051426/; classtype:trojan-activity;sid:83914526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.225.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051425/; classtype:trojan-activity;sid:83914525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.66.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051424/; classtype:trojan-activity;sid:83914524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.151.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051423/; classtype:trojan-activity;sid:83914523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.222.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051422/; classtype:trojan-activity;sid:83914522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.230.27.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051421/; classtype:trojan-activity;sid:83914521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051420/; classtype:trojan-activity;sid:83914520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.254.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051419/; classtype:trojan-activity;sid:83914519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.171.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051418/; classtype:trojan-activity;sid:83914518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.193.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051417/; classtype:trojan-activity;sid:83914517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.46.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051416/; classtype:trojan-activity;sid:83914516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.114.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051414/; classtype:trojan-activity;sid:83914514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.9.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051415/; classtype:trojan-activity;sid:83914515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.112.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051413/; classtype:trojan-activity;sid:83914513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.145.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051412/; classtype:trojan-activity;sid:83914512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.86.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051411/; classtype:trojan-activity;sid:83914511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.151.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051409/; classtype:trojan-activity;sid:83914509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.60.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051410/; classtype:trojan-activity;sid:83914510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051408)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/6698c0ab59e68_aerosoft.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051408/; classtype:trojan-activity;sid:83914508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.127.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051407/; classtype:trojan-activity;sid:83914507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.170.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051406/; classtype:trojan-activity;sid:83914506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.252.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051405/; classtype:trojan-activity;sid:83914505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.6.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051404/; classtype:trojan-activity;sid:83914504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.66.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051403/; classtype:trojan-activity;sid:83914503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.24.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051401/; classtype:trojan-activity;sid:83914501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.143.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051402/; classtype:trojan-activity;sid:83914502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.151.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051400/; classtype:trojan-activity;sid:83914500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051399/; classtype:trojan-activity;sid:83914499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.114.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051398/; classtype:trojan-activity;sid:83914498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.9.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051397/; classtype:trojan-activity;sid:83914497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.150.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051395/; classtype:trojan-activity;sid:83914495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.252.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051396/; classtype:trojan-activity;sid:83914496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.50.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051394/; classtype:trojan-activity;sid:83914494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.171.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051393/; classtype:trojan-activity;sid:83914493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.56.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051392/; classtype:trojan-activity;sid:83914492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.160.200.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051391/; classtype:trojan-activity;sid:83914491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.106.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051390/; classtype:trojan-activity;sid:83914490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.86.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051389/; classtype:trojan-activity;sid:83914489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.162.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051388/; classtype:trojan-activity;sid:83914488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.170.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051387/; classtype:trojan-activity;sid:83914487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.190.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051386/; classtype:trojan-activity;sid:83914486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.150.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051385/; classtype:trojan-activity;sid:83914485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.127.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051384/; classtype:trojan-activity;sid:83914484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051383/; classtype:trojan-activity;sid:83914483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051382)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.63.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051382/; classtype:trojan-activity;sid:83914482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051381/; classtype:trojan-activity;sid:83914481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.255.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051380/; classtype:trojan-activity;sid:83914480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.51.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051379/; classtype:trojan-activity;sid:83914479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.139.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051378/; classtype:trojan-activity;sid:83914478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051377/; classtype:trojan-activity;sid:83914477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051376/; classtype:trojan-activity;sid:83914476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.29.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051374/; classtype:trojan-activity;sid:83914474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051375/; classtype:trojan-activity;sid:83914475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051373/; classtype:trojan-activity;sid:83914473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.252.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051372/; classtype:trojan-activity;sid:83914472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.197.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051371/; classtype:trojan-activity;sid:83914471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051370/; classtype:trojan-activity;sid:83914470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.220.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051368/; classtype:trojan-activity;sid:83914468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.186.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051369/; classtype:trojan-activity;sid:83914469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051367/; classtype:trojan-activity;sid:83914467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.119.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051366/; classtype:trojan-activity;sid:83914466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.56.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051365/; classtype:trojan-activity;sid:83914465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.197.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051364/; classtype:trojan-activity;sid:83914464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.59.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051363/; classtype:trojan-activity;sid:83914463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.116.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051362/; classtype:trojan-activity;sid:83914462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.160.200.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051361/; classtype:trojan-activity;sid:83914461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.87.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051360/; classtype:trojan-activity;sid:83914460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.10.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051359/; classtype:trojan-activity;sid:83914459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.114.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051358/; classtype:trojan-activity;sid:83914458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.189.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051356/; classtype:trojan-activity;sid:83914456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.93.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051357/; classtype:trojan-activity;sid:83914457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.150.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051355/; classtype:trojan-activity;sid:83914455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.244.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051353/; classtype:trojan-activity;sid:83914453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051354/; classtype:trojan-activity;sid:83914454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.199.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051351/; classtype:trojan-activity;sid:83914451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.162.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051352/; classtype:trojan-activity;sid:83914452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.115.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051350/; classtype:trojan-activity;sid:83914450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.76.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051349/; classtype:trojan-activity;sid:83914449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.90.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051348/; classtype:trojan-activity;sid:83914448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.94.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051347/; classtype:trojan-activity;sid:83914447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.27.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051346/; classtype:trojan-activity;sid:83914446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.217.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051345/; classtype:trojan-activity;sid:83914445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.176.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051344/; classtype:trojan-activity;sid:83914444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.255.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051343/; classtype:trojan-activity;sid:83914443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.214.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051342/; classtype:trojan-activity;sid:83914442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.177.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051341/; classtype:trojan-activity;sid:83914441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.76.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051340/; classtype:trojan-activity;sid:83914440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.132.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051339/; classtype:trojan-activity;sid:83914439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051338/; classtype:trojan-activity;sid:83914438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.5.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051337/; classtype:trojan-activity;sid:83914437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.18.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051336/; classtype:trojan-activity;sid:83914436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.89.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051335/; classtype:trojan-activity;sid:83914435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.59.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051334/; classtype:trojan-activity;sid:83914434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.18.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051333/; classtype:trojan-activity;sid:83914433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.186.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051332/; classtype:trojan-activity;sid:83914432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.143.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051331/; classtype:trojan-activity;sid:83914431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.36.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051329/; classtype:trojan-activity;sid:83914429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.58.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051330/; classtype:trojan-activity;sid:83914430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.119.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051328/; classtype:trojan-activity;sid:83914428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051327/; classtype:trojan-activity;sid:83914427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.87.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051326/; classtype:trojan-activity;sid:83914426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051325/; classtype:trojan-activity;sid:83914425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.90.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051324/; classtype:trojan-activity;sid:83914424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051323/; classtype:trojan-activity;sid:83914423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051320/; classtype:trojan-activity;sid:83914420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051321/; classtype:trojan-activity;sid:83914421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.207.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051322/; classtype:trojan-activity;sid:83914422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.214.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051319/; classtype:trojan-activity;sid:83914419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.161.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051318/; classtype:trojan-activity;sid:83914418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.32.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051317/; classtype:trojan-activity;sid:83914417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.177.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051316/; classtype:trojan-activity;sid:83914416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.132.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051315/; classtype:trojan-activity;sid:83914415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.100.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051314/; classtype:trojan-activity;sid:83914414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.176.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051313/; classtype:trojan-activity;sid:83914413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051312/; classtype:trojan-activity;sid:83914412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.58.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051311/; classtype:trojan-activity;sid:83914411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.92.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051310/; classtype:trojan-activity;sid:83914410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.250.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051307/; classtype:trojan-activity;sid:83914407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.141.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051308/; classtype:trojan-activity;sid:83914408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.161.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051309/; classtype:trojan-activity;sid:83914409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.247.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051306/; classtype:trojan-activity;sid:83914406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051305/; classtype:trojan-activity;sid:83914405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051304/; classtype:trojan-activity;sid:83914404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051303/; classtype:trojan-activity;sid:83914403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.36.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051302/; classtype:trojan-activity;sid:83914402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.217.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051301/; classtype:trojan-activity;sid:83914401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.138.12.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051300/; classtype:trojan-activity;sid:83914400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.207.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051299/; classtype:trojan-activity;sid:83914399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051298/; classtype:trojan-activity;sid:83914398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.108.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051297/; classtype:trojan-activity;sid:83914397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.7.156"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051295/; classtype:trojan-activity;sid:83914395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.211.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051296/; classtype:trojan-activity;sid:83914396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051294/; classtype:trojan-activity;sid:83914394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.84.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051293/; classtype:trojan-activity;sid:83914393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051290)"; flow:established,from_client; content:"GET"; http_method; content:"/doduchieu_oswe.tmp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.128.226.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051290/; classtype:trojan-activity;sid:83914390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051291)"; flow:established,from_client; content:"GET"; http_method; content:"/doduchieu.tmp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.128.226.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051291/; classtype:trojan-activity;sid:83914391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.252.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051292/; classtype:trojan-activity;sid:83914392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.206.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051289/; classtype:trojan-activity;sid:83914389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051288)"; flow:established,from_client; content:"GET"; http_method; content:"/decoy/doduchieu.pdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"47.128.226.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051288/; classtype:trojan-activity;sid:83914388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051286/; classtype:trojan-activity;sid:83914386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051287/; classtype:trojan-activity;sid:83914387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051285)"; flow:established,from_client; content:"GET"; http_method; content:"/safe_shell.shc.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.128.226.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051285/; classtype:trojan-activity;sid:83914385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051284)"; flow:established,from_client; content:"GET"; http_method; content:"/decoy/do-duc-hieu-oswe.pdf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"47.128.226.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051284/; classtype:trojan-activity;sid:83914384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051283/; classtype:trojan-activity;sid:83914383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.142.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051282/; classtype:trojan-activity;sid:83914382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.237.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051280/; classtype:trojan-activity;sid:83914380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.250.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051281/; classtype:trojan-activity;sid:83914381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.127.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051279/; classtype:trojan-activity;sid:83914379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.65.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051278/; classtype:trojan-activity;sid:83914378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.72.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051276/; classtype:trojan-activity;sid:83914376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.105.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051277/; classtype:trojan-activity;sid:83914377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051275/; classtype:trojan-activity;sid:83914375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.110.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051274/; classtype:trojan-activity;sid:83914374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.235.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051273/; classtype:trojan-activity;sid:83914373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051272/; classtype:trojan-activity;sid:83914372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.237.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051271/; classtype:trojan-activity;sid:83914371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.7.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051270/; classtype:trojan-activity;sid:83914370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.141.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051268/; classtype:trojan-activity;sid:83914368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.206.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051269/; classtype:trojan-activity;sid:83914369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051266/; classtype:trojan-activity;sid:83914366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051267/; classtype:trojan-activity;sid:83914367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.109.146.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051265/; classtype:trojan-activity;sid:83914365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.129.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051264/; classtype:trojan-activity;sid:83914364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051263/; classtype:trojan-activity;sid:83914363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.145.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051262/; classtype:trojan-activity;sid:83914362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.116.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051261/; classtype:trojan-activity;sid:83914361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.54.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051260/; classtype:trojan-activity;sid:83914360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051259/; classtype:trojan-activity;sid:83914359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051258/; classtype:trojan-activity;sid:83914358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.228.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051257/; classtype:trojan-activity;sid:83914357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.124.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051256/; classtype:trojan-activity;sid:83914356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.245.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051255/; classtype:trojan-activity;sid:83914355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051254)"; flow:established,from_client; content:"GET"; http_method; content:"/ebube.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pub-39c431b0c306497287a06e8cea23fa74.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051254/; classtype:trojan-activity;sid:83914354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.117.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051252/; classtype:trojan-activity;sid:83914352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.143.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051253/; classtype:trojan-activity;sid:83914353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.110.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051251/; classtype:trojan-activity;sid:83914351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.254.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051250/; classtype:trojan-activity;sid:83914350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.141.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051249/; classtype:trojan-activity;sid:83914349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.142.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051248/; classtype:trojan-activity;sid:83914348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.7.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051247/; classtype:trojan-activity;sid:83914347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.245.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051246/; classtype:trojan-activity;sid:83914346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051245/; classtype:trojan-activity;sid:83914345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051243/; classtype:trojan-activity;sid:83914343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.145.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051241/; classtype:trojan-activity;sid:83914341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.254.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051242/; classtype:trojan-activity;sid:83914342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.255.244.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051239/; classtype:trojan-activity;sid:83914339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.248.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051240/; classtype:trojan-activity;sid:83914340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051238/; classtype:trojan-activity;sid:83914338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.116.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051237/; classtype:trojan-activity;sid:83914337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051236)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/js/sqjxhtzqi8.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hmhealthservices.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051236/; classtype:trojan-activity;sid:83914336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051235)"; flow:established,from_client; content:"GET"; http_method; content:"/warsong.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.105.132.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051235/; classtype:trojan-activity;sid:83914335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.184.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051233/; classtype:trojan-activity;sid:83914333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051234)"; flow:established,from_client; content:"GET"; http_method; content:"/djsoftware.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.105.132.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051234/; classtype:trojan-activity;sid:83914334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051232)"; flow:established,from_client; content:"GET"; http_method; content:"/new_clip.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mamallan.life"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051232/; classtype:trojan-activity;sid:83914332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.77.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051231/; classtype:trojan-activity;sid:83914331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.10.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051230/; classtype:trojan-activity;sid:83914330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.228.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051229/; classtype:trojan-activity;sid:83914329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.199.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051228/; classtype:trojan-activity;sid:83914328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.104.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051227/; classtype:trojan-activity;sid:83914327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.188.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051226/; classtype:trojan-activity;sid:83914326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051225/; classtype:trojan-activity;sid:83914325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.142.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051224/; classtype:trojan-activity;sid:83914324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051222/; classtype:trojan-activity;sid:83914322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051223/; classtype:trojan-activity;sid:83914323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.55.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051221/; classtype:trojan-activity;sid:83914321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.209.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051219/; classtype:trojan-activity;sid:83914319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.110.252.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051220/; classtype:trojan-activity;sid:83914320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.214.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051216/; classtype:trojan-activity;sid:83914316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.143.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051217/; classtype:trojan-activity;sid:83914317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.227.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051218/; classtype:trojan-activity;sid:83914318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051215/; classtype:trojan-activity;sid:83914315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.175.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051213/; classtype:trojan-activity;sid:83914313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.254.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051214/; classtype:trojan-activity;sid:83914314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051212/; classtype:trojan-activity;sid:83914312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051211)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/blocks/l2.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sbhtv.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051211/; classtype:trojan-activity;sid:83914311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.3.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051210/; classtype:trojan-activity;sid:83914310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.230.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051209/; classtype:trojan-activity;sid:83914309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051208)"; flow:established,from_client; content:"GET"; http_method; content:"/demo/l2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"staging-brandixsoft.co.uk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051208/; classtype:trojan-activity;sid:83914308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.137.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051207/; classtype:trojan-activity;sid:83914307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.247.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051206/; classtype:trojan-activity;sid:83914306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.145.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051205/; classtype:trojan-activity;sid:83914305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.41.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051204/; classtype:trojan-activity;sid:83914304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051203/; classtype:trojan-activity;sid:83914303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051202/; classtype:trojan-activity;sid:83914302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.184.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051201/; classtype:trojan-activity;sid:83914301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051200/; classtype:trojan-activity;sid:83914300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051199/; classtype:trojan-activity;sid:83914299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.137.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051198/; classtype:trojan-activity;sid:83914298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.133.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051196/; classtype:trojan-activity;sid:83914296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.251.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051197/; classtype:trojan-activity;sid:83914297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.200.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051195/; classtype:trojan-activity;sid:83914295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.214.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051194/; classtype:trojan-activity;sid:83914294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051193/; classtype:trojan-activity;sid:83914293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051192/; classtype:trojan-activity;sid:83914292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051191/; classtype:trojan-activity;sid:83914291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051189/; classtype:trojan-activity;sid:83914289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.214.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051190/; classtype:trojan-activity;sid:83914290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.210.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051188/; classtype:trojan-activity;sid:83914288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.161.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051187/; classtype:trojan-activity;sid:83914287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.242.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051186/; classtype:trojan-activity;sid:83914286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.186.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051185/; classtype:trojan-activity;sid:83914285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.158.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051184/; classtype:trojan-activity;sid:83914284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.230.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051183/; classtype:trojan-activity;sid:83914283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.244.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051182/; classtype:trojan-activity;sid:83914282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.240.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051181/; classtype:trojan-activity;sid:83914281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051180/; classtype:trojan-activity;sid:83914280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.247.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051179/; classtype:trojan-activity;sid:83914279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051178/; classtype:trojan-activity;sid:83914278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.186.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051177/; classtype:trojan-activity;sid:83914277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.234.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051176/; classtype:trojan-activity;sid:83914276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.200.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051175/; classtype:trojan-activity;sid:83914275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.31.11"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051174/; classtype:trojan-activity;sid:83914274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.29.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051173/; classtype:trojan-activity;sid:83914273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.209.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051172/; classtype:trojan-activity;sid:83914272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.202.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051171/; classtype:trojan-activity;sid:83914271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.113.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051170/; classtype:trojan-activity;sid:83914270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.225.118.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051169/; classtype:trojan-activity;sid:83914269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.187.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051168/; classtype:trojan-activity;sid:83914268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.115.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051167/; classtype:trojan-activity;sid:83914267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.212.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051166/; classtype:trojan-activity;sid:83914266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.59.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051165/; classtype:trojan-activity;sid:83914265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.32.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051164/; classtype:trojan-activity;sid:83914264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.202.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051163/; classtype:trojan-activity;sid:83914263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.29.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051162/; classtype:trojan-activity;sid:83914262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.55.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051159/; classtype:trojan-activity;sid:83914259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.93.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051160/; classtype:trojan-activity;sid:83914260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.3.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051161/; classtype:trojan-activity;sid:83914261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.191.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051158/; classtype:trojan-activity;sid:83914258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051157/; classtype:trojan-activity;sid:83914257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.143.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051156/; classtype:trojan-activity;sid:83914256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.32.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051155/; classtype:trojan-activity;sid:83914255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051154/; classtype:trojan-activity;sid:83914254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051153/; classtype:trojan-activity;sid:83914253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.41.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051152/; classtype:trojan-activity;sid:83914252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.251.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051151/; classtype:trojan-activity;sid:83914251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051150/; classtype:trojan-activity;sid:83914250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.207.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051149/; classtype:trojan-activity;sid:83914249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.193.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051147/; classtype:trojan-activity;sid:83914247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.211.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051148/; classtype:trojan-activity;sid:83914248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051146/; classtype:trojan-activity;sid:83914246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051145/; classtype:trojan-activity;sid:83914245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.40.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051144/; classtype:trojan-activity;sid:83914244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.76.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051143/; classtype:trojan-activity;sid:83914243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051142/; classtype:trojan-activity;sid:83914242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051141/; classtype:trojan-activity;sid:83914241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.196.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051140/; classtype:trojan-activity;sid:83914240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051139/; classtype:trojan-activity;sid:83914239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051135/; classtype:trojan-activity;sid:83914235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051136/; classtype:trojan-activity;sid:83914236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.70.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051137/; classtype:trojan-activity;sid:83914237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051138/; classtype:trojan-activity;sid:83914238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051134/; classtype:trojan-activity;sid:83914234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.87.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051133/; classtype:trojan-activity;sid:83914233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.38.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051132/; classtype:trojan-activity;sid:83914232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.31.11"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051131/; classtype:trojan-activity;sid:83914231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.186.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051130/; classtype:trojan-activity;sid:83914230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.243.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051129/; classtype:trojan-activity;sid:83914229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.234.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051128/; classtype:trojan-activity;sid:83914228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.51.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051127/; classtype:trojan-activity;sid:83914227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.113.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051126/; classtype:trojan-activity;sid:83914226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.170.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051125/; classtype:trojan-activity;sid:83914225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.7.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051124/; classtype:trojan-activity;sid:83914224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.33.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051123/; classtype:trojan-activity;sid:83914223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.179.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051122/; classtype:trojan-activity;sid:83914222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.205.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051121/; classtype:trojan-activity;sid:83914221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.227.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051120/; classtype:trojan-activity;sid:83914220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051119/; classtype:trojan-activity;sid:83914219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.191.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051117/; classtype:trojan-activity;sid:83914217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.211.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051118/; classtype:trojan-activity;sid:83914218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.79.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051116/; classtype:trojan-activity;sid:83914216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.87.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051115/; classtype:trojan-activity;sid:83914215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.99.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051114/; classtype:trojan-activity;sid:83914214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.219.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051113/; classtype:trojan-activity;sid:83914213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051112/; classtype:trojan-activity;sid:83914212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.51.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051111/; classtype:trojan-activity;sid:83914211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051110/; classtype:trojan-activity;sid:83914210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.33.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051109/; classtype:trojan-activity;sid:83914209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.175.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051108/; classtype:trojan-activity;sid:83914208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.26.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051107/; classtype:trojan-activity;sid:83914207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051106/; classtype:trojan-activity;sid:83914206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051105/; classtype:trojan-activity;sid:83914205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.86.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051104/; classtype:trojan-activity;sid:83914204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.26.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051103/; classtype:trojan-activity;sid:83914203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051102/; classtype:trojan-activity;sid:83914202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.128.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051101/; classtype:trojan-activity;sid:83914201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051100/; classtype:trojan-activity;sid:83914200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.5.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051099/; classtype:trojan-activity;sid:83914199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.9.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051098/; classtype:trojan-activity;sid:83914198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051097/; classtype:trojan-activity;sid:83914197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.205.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051096/; classtype:trojan-activity;sid:83914196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.250.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051095/; classtype:trojan-activity;sid:83914195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.161.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051094/; classtype:trojan-activity;sid:83914194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.191.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051093/; classtype:trojan-activity;sid:83914193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.5.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051092/; classtype:trojan-activity;sid:83914192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.239.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051091/; classtype:trojan-activity;sid:83914191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.236.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051090/; classtype:trojan-activity;sid:83914190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.83.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051089/; classtype:trojan-activity;sid:83914189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.79.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051088/; classtype:trojan-activity;sid:83914188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051087/; classtype:trojan-activity;sid:83914187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.62.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051086/; classtype:trojan-activity;sid:83914186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.209.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051085/; classtype:trojan-activity;sid:83914185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051084/; classtype:trojan-activity;sid:83914184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.114.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051083/; classtype:trojan-activity;sid:83914183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.34.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051082/; classtype:trojan-activity;sid:83914182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051081/; classtype:trojan-activity;sid:83914181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051080/; classtype:trojan-activity;sid:83914180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.152.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051079/; classtype:trojan-activity;sid:83914179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.86.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051078/; classtype:trojan-activity;sid:83914178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.204.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051077/; classtype:trojan-activity;sid:83914177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.250.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051076/; classtype:trojan-activity;sid:83914176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051075/; classtype:trojan-activity;sid:83914175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.48.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051074/; classtype:trojan-activity;sid:83914174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.157.145.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051073/; classtype:trojan-activity;sid:83914173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.14.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051071/; classtype:trojan-activity;sid:83914171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.161.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051072/; classtype:trojan-activity;sid:83914172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.61.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051070/; classtype:trojan-activity;sid:83914170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.13.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051068/; classtype:trojan-activity;sid:83914168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.234.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051069/; classtype:trojan-activity;sid:83914169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051067/; classtype:trojan-activity;sid:83914167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.242.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051066/; classtype:trojan-activity;sid:83914166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051065/; classtype:trojan-activity;sid:83914165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.177.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051064/; classtype:trojan-activity;sid:83914164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051063)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.161.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051063/; classtype:trojan-activity;sid:83914163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.249.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051061/; classtype:trojan-activity;sid:83914161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051062/; classtype:trojan-activity;sid:83914162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051060)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1262621763930427403/1263398989181485096/enquiry.js|3f|ex=669a177f|7c|26|7c|is=6698c5ff|7c|26|7c|hm=4ca65b63c19d5fb624263eddc7bf3405c65f8b6e11318c1114a47b367cfed6e5|7c|26|7c|"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051060/; classtype:trojan-activity;sid:83914160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051059/; classtype:trojan-activity;sid:83914159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.39.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051058/; classtype:trojan-activity;sid:83914158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.117.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051057/; classtype:trojan-activity;sid:83914157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.198.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051056/; classtype:trojan-activity;sid:83914156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.45.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051055/; classtype:trojan-activity;sid:83914155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.46.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051054/; classtype:trojan-activity;sid:83914154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.82.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051053/; classtype:trojan-activity;sid:83914153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.177.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051052/; classtype:trojan-activity;sid:83914152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051051/; classtype:trojan-activity;sid:83914151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.174.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051050/; classtype:trojan-activity;sid:83914150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.5.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051049/; classtype:trojan-activity;sid:83914149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051048/; classtype:trojan-activity;sid:83914148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.231.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051047/; classtype:trojan-activity;sid:83914147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.231.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051046/; classtype:trojan-activity;sid:83914146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.247.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051045/; classtype:trojan-activity;sid:83914145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.94.154.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051044/; classtype:trojan-activity;sid:83914144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.184.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051043/; classtype:trojan-activity;sid:83914143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.204.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051042/; classtype:trojan-activity;sid:83914142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.189.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051041/; classtype:trojan-activity;sid:83914141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.242.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051040/; classtype:trojan-activity;sid:83914140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.45.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051039/; classtype:trojan-activity;sid:83914139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.191.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051038/; classtype:trojan-activity;sid:83914138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.244.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051037/; classtype:trojan-activity;sid:83914137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051036/; classtype:trojan-activity;sid:83914136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.91.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051035/; classtype:trojan-activity;sid:83914135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051034/; classtype:trojan-activity;sid:83914134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051033/; classtype:trojan-activity;sid:83914133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.177.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051032/; classtype:trojan-activity;sid:83914132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.46.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051031/; classtype:trojan-activity;sid:83914131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.125.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051030/; classtype:trojan-activity;sid:83914130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.198.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051029/; classtype:trojan-activity;sid:83914129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051028)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.137.0.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051028/; classtype:trojan-activity;sid:83914128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.216.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051025/; classtype:trojan-activity;sid:83914125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051026)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/66990947b9f24_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051026/; classtype:trojan-activity;sid:83914126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.29.32"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051027/; classtype:trojan-activity;sid:83914127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.86.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051024/; classtype:trojan-activity;sid:83914124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.178.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051023/; classtype:trojan-activity;sid:83914123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.214.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051022/; classtype:trojan-activity;sid:83914122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051021/; classtype:trojan-activity;sid:83914121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051020/; classtype:trojan-activity;sid:83914120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.231.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051018/; classtype:trojan-activity;sid:83914118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051019/; classtype:trojan-activity;sid:83914119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051016/; classtype:trojan-activity;sid:83914116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.29.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051017/; classtype:trojan-activity;sid:83914117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051015/; classtype:trojan-activity;sid:83914115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.192.116.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051014/; classtype:trojan-activity;sid:83914114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051013/; classtype:trojan-activity;sid:83914113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.154.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051012/; classtype:trojan-activity;sid:83914112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.189.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051011/; classtype:trojan-activity;sid:83914111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.168.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051010/; classtype:trojan-activity;sid:83914110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.191.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051009/; classtype:trojan-activity;sid:83914109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051008/; classtype:trojan-activity;sid:83914108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051007/; classtype:trojan-activity;sid:83914107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051006/; classtype:trojan-activity;sid:83914106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.117.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051005/; classtype:trojan-activity;sid:83914105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051004/; classtype:trojan-activity;sid:83914104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.92.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051003/; classtype:trojan-activity;sid:83914103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.109.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051002/; classtype:trojan-activity;sid:83914102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.251.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051001/; classtype:trojan-activity;sid:83914101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3051000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.216.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3051000/; classtype:trojan-activity;sid:83914100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.198.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050999/; classtype:trojan-activity;sid:83914099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050995)"; flow:established,from_client; content:"GET"; http_method; content:"/wishvb/dew.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bas.swpushroller.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050995/; classtype:trojan-activity;sid:83914095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050996)"; flow:established,from_client; content:"GET"; http_method; content:"/wishvb/dew.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.10.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050996/; classtype:trojan-activity;sid:83914096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050997)"; flow:established,from_client; content:"GET"; http_method; content:"/wishvb/dew.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bas.swpushroller.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050997/; classtype:trojan-activity;sid:83914097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050998)"; flow:established,from_client; content:"GET"; http_method; content:"/wishvb/dew.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.10.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050998/; classtype:trojan-activity;sid:83914098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050994/; classtype:trojan-activity;sid:83914094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.46.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050993/; classtype:trojan-activity;sid:83914093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.168.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050992/; classtype:trojan-activity;sid:83914092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.46.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050991/; classtype:trojan-activity;sid:83914091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050988)"; flow:established,from_client; content:"GET"; http_method; content:"/docwis/archive.vbs"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tip.swpushroller.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050988/; classtype:trojan-activity;sid:83914088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050989)"; flow:established,from_client; content:"GET"; http_method; content:"/docwis/qwredfrf.vbs"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tip.swpushroller.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050989/; classtype:trojan-activity;sid:83914089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050990)"; flow:established,from_client; content:"GET"; http_method; content:"/docwis/archive.vbs"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tip.swpushroller.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050990/; classtype:trojan-activity;sid:83914090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050983)"; flow:established,from_client; content:"GET"; http_method; content:"/docwis/archive.vbs"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.98.10.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050983/; classtype:trojan-activity;sid:83914083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050984)"; flow:established,from_client; content:"GET"; http_method; content:"/docwis/qwredfrf.vbs"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"141.98.10.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050984/; classtype:trojan-activity;sid:83914084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050985)"; flow:established,from_client; content:"GET"; http_method; content:"/docwis/qwredfrf.vbs"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"141.98.10.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050985/; classtype:trojan-activity;sid:83914085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050986)"; flow:established,from_client; content:"GET"; http_method; content:"/docwis/qwredfrf.vbs"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tip.swpushroller.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050986/; classtype:trojan-activity;sid:83914086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050987)"; flow:established,from_client; content:"GET"; http_method; content:"/docwis/archive.vbs"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.98.10.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050987/; classtype:trojan-activity;sid:83914087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.197.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050982/; classtype:trojan-activity;sid:83914082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050981/; classtype:trojan-activity;sid:83914081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.56.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050980/; classtype:trojan-activity;sid:83914080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050979/; classtype:trojan-activity;sid:83914079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.59.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050978/; classtype:trojan-activity;sid:83914078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050977)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ezp/idbk.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"178.215.236.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050977/; classtype:trojan-activity;sid:83914077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050976)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ezp/brandedcrosscheckflowerhair.gif"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"178.215.236.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050976/; classtype:trojan-activity;sid:83914076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050974)"; flow:established,from_client; content:"GET"; http_method; content:"/33133/crosscheckworldwideharitreatment.gif"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"141.95.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050974/; classtype:trojan-activity;sid:83914074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050975)"; flow:established,from_client; content:"GET"; http_method; content:"/33133/rft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"141.95.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050975/; classtype:trojan-activity;sid:83914075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.192.116.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050973/; classtype:trojan-activity;sid:83914073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050972)"; flow:established,from_client; content:"GET"; http_method; content:"/80180/bncc.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.161.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050972/; classtype:trojan-activity;sid:83914072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050971/; classtype:trojan-activity;sid:83914071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050970)"; flow:established,from_client; content:"GET"; http_method; content:"/80180/clearpicneedflowersnadimagesforhairwork.gif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.161.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050970/; classtype:trojan-activity;sid:83914070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.110.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050969/; classtype:trojan-activity;sid:83914069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.89.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050968/; classtype:trojan-activity;sid:83914068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050966/; classtype:trojan-activity;sid:83914066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050967)"; flow:established,from_client; content:"GET"; http_method; content:"/onebase64.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.173.4.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050967/; classtype:trojan-activity;sid:83914067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050965/; classtype:trojan-activity;sid:83914065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.210.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050963/; classtype:trojan-activity;sid:83914063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050964)"; flow:established,from_client; content:"GET"; http_method; content:"/ongooodod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.173.4.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050964/; classtype:trojan-activity;sid:83914064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050962)"; flow:established,from_client; content:"GET"; http_method; content:"/welovedatinglover.gif"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"107.173.4.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050962/; classtype:trojan-activity;sid:83914062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050961/; classtype:trojan-activity;sid:83914061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050960/; classtype:trojan-activity;sid:83914060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050958)"; flow:established,from_client; content:"GET"; http_method; content:"/hp/ezhbou.vdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.126.209.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050958/; classtype:trojan-activity;sid:83914058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050959)"; flow:established,from_client; content:"GET"; http_method; content:"/hp/xuuhwrr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.126.209.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050959/; classtype:trojan-activity;sid:83914059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050954)"; flow:established,from_client; content:"GET"; http_method; content:"/dr/orkhbhd.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.126.209.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050954/; classtype:trojan-activity;sid:83914054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050955)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/kvtxktswwp.mp3"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.126.209.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050955/; classtype:trojan-activity;sid:83914055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050956)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/jqitfcork.vdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.126.209.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050956/; classtype:trojan-activity;sid:83914056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050957)"; flow:established,from_client; content:"GET"; http_method; content:"/dropbox/wbonjmsbbtc.wav"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.126.209.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050957/; classtype:trojan-activity;sid:83914057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050952)"; flow:established,from_client; content:"GET"; http_method; content:"/hp/dmzzizrqyuh.mp3"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.126.209.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050952/; classtype:trojan-activity;sid:83914052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050953)"; flow:established,from_client; content:"GET"; http_method; content:"/hp/punefkkt.mp4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.126.209.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050953/; classtype:trojan-activity;sid:83914053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.146.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050951/; classtype:trojan-activity;sid:83914051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.101.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050950/; classtype:trojan-activity;sid:83914050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050949/; classtype:trojan-activity;sid:83914049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.245.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050948/; classtype:trojan-activity;sid:83914048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.170.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050947/; classtype:trojan-activity;sid:83914047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.142.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050946/; classtype:trojan-activity;sid:83914046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.25.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050945/; classtype:trojan-activity;sid:83914045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050942/; classtype:trojan-activity;sid:83914042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050943/; classtype:trojan-activity;sid:83914043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.187.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050944/; classtype:trojan-activity;sid:83914044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.43.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050938/; classtype:trojan-activity;sid:83914038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.123.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050939/; classtype:trojan-activity;sid:83914039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.79.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050940/; classtype:trojan-activity;sid:83914040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050941/; classtype:trojan-activity;sid:83914041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.36.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050937/; classtype:trojan-activity;sid:83914037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.116.7.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050935/; classtype:trojan-activity;sid:83914035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.170.201.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050936/; classtype:trojan-activity;sid:83914036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050934/; classtype:trojan-activity;sid:83914034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.20.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050933/; classtype:trojan-activity;sid:83914033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.93.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050932/; classtype:trojan-activity;sid:83914032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.204.126.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050931/; classtype:trojan-activity;sid:83914031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.109.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050930/; classtype:trojan-activity;sid:83914030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050929/; classtype:trojan-activity;sid:83914029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050928/; classtype:trojan-activity;sid:83914028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.197.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050927/; classtype:trojan-activity;sid:83914027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.210.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050926/; classtype:trojan-activity;sid:83914026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.180.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050925/; classtype:trojan-activity;sid:83914025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050924/; classtype:trojan-activity;sid:83914024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.46.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050923/; classtype:trojan-activity;sid:83914023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050922/; classtype:trojan-activity;sid:83914022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.227.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050921/; classtype:trojan-activity;sid:83914021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050920/; classtype:trojan-activity;sid:83914020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.75.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050918/; classtype:trojan-activity;sid:83914018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.9.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050919/; classtype:trojan-activity;sid:83914019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050917/; classtype:trojan-activity;sid:83914017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.173.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050915/; classtype:trojan-activity;sid:83914015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050916/; classtype:trojan-activity;sid:83914016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.16.114.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050914/; classtype:trojan-activity;sid:83914014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.234.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050913/; classtype:trojan-activity;sid:83914013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.117.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050912/; classtype:trojan-activity;sid:83914012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.21.121"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050911/; classtype:trojan-activity;sid:83914011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.135.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050910/; classtype:trojan-activity;sid:83914010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.6.134.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050909/; classtype:trojan-activity;sid:83914009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050908/; classtype:trojan-activity;sid:83914008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.0.106"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050907/; classtype:trojan-activity;sid:83914007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.180.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050906/; classtype:trojan-activity;sid:83914006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.215.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050904/; classtype:trojan-activity;sid:83914004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.146.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050905/; classtype:trojan-activity;sid:83914005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050903/; classtype:trojan-activity;sid:83914003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.76.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050901/; classtype:trojan-activity;sid:83914001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.122.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050902/; classtype:trojan-activity;sid:83914002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.124.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050899/; classtype:trojan-activity;sid:83913999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050900/; classtype:trojan-activity;sid:83914000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.59.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050898/; classtype:trojan-activity;sid:83913998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.66.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050897/; classtype:trojan-activity;sid:83913997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.250.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050896/; classtype:trojan-activity;sid:83913996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.146.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050895/; classtype:trojan-activity;sid:83913995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.142.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050893/; classtype:trojan-activity;sid:83913993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.145.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050894/; classtype:trojan-activity;sid:83913994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050892/; classtype:trojan-activity;sid:83913992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.153.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050891/; classtype:trojan-activity;sid:83913991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050890/; classtype:trojan-activity;sid:83913990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.6.134.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050889/; classtype:trojan-activity;sid:83913989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.9.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050888/; classtype:trojan-activity;sid:83913988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.11.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050887/; classtype:trojan-activity;sid:83913987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.59.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050886/; classtype:trojan-activity;sid:83913986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.117.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050884/; classtype:trojan-activity;sid:83913984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.117.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050885/; classtype:trojan-activity;sid:83913985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.181.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050883/; classtype:trojan-activity;sid:83913983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050882/; classtype:trojan-activity;sid:83913982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050881/; classtype:trojan-activity;sid:83913981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.75.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050880/; classtype:trojan-activity;sid:83913980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050879/; classtype:trojan-activity;sid:83913979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.38.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050878/; classtype:trojan-activity;sid:83913978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.97.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050877/; classtype:trojan-activity;sid:83913977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050876/; classtype:trojan-activity;sid:83913976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.77.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050875/; classtype:trojan-activity;sid:83913975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.11.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050874/; classtype:trojan-activity;sid:83913974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050873/; classtype:trojan-activity;sid:83913973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.177.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050872/; classtype:trojan-activity;sid:83913972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050871)"; flow:established,from_client; content:"GET"; http_method; content:"/vual/tabor.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.77.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050871/; classtype:trojan-activity;sid:83913971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.247.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050870/; classtype:trojan-activity;sid:83913970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050869/; classtype:trojan-activity;sid:83913969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.142.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050868/; classtype:trojan-activity;sid:83913968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050866/; classtype:trojan-activity;sid:83913966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.215.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050867/; classtype:trojan-activity;sid:83913967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050865/; classtype:trojan-activity;sid:83913965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.154.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050864/; classtype:trojan-activity;sid:83913964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.82.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050863/; classtype:trojan-activity;sid:83913963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.171.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050862/; classtype:trojan-activity;sid:83913962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.185.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050861/; classtype:trojan-activity;sid:83913961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050860/; classtype:trojan-activity;sid:83913960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.234.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050859/; classtype:trojan-activity;sid:83913959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.215.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050858/; classtype:trojan-activity;sid:83913958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.246.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050857/; classtype:trojan-activity;sid:83913957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.66.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050856/; classtype:trojan-activity;sid:83913956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.187.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050855/; classtype:trojan-activity;sid:83913955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.34.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050852/; classtype:trojan-activity;sid:83913952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.145.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050853/; classtype:trojan-activity;sid:83913953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.234.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050854/; classtype:trojan-activity;sid:83913954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050851/; classtype:trojan-activity;sid:83913951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.166.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050850/; classtype:trojan-activity;sid:83913950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050849/; classtype:trojan-activity;sid:83913949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050847)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture24.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050847/; classtype:trojan-activity;sid:83913947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050848)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/1068.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050848/; classtype:trojan-activity;sid:83913948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050835)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/223-8.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050835/; classtype:trojan-activity;sid:83913935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050836)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/997.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050836/; classtype:trojan-activity;sid:83913936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050837)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture18.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050837/; classtype:trojan-activity;sid:83913937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050838)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/alingme.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050838/; classtype:trojan-activity;sid:83913938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050839)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture43.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050839/; classtype:trojan-activity;sid:83913939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050840)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture33.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050840/; classtype:trojan-activity;sid:83913940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050841)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/erlnb.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050841/; classtype:trojan-activity;sid:83913941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050842)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/dlbzqv.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050842/; classtype:trojan-activity;sid:83913942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050843)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/1085.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050843/; classtype:trojan-activity;sid:83913943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050844)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/uialn.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050844/; classtype:trojan-activity;sid:83913944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050845)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/layout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050845/; classtype:trojan-activity;sid:83913945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050846)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture01.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050846/; classtype:trojan-activity;sid:83913946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050826)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/xplayd.hta"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050826/; classtype:trojan-activity;sid:83913926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050827)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/dadmut.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050827/; classtype:trojan-activity;sid:83913927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050828)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture23.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050828/; classtype:trojan-activity;sid:83913928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050829)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/589.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050829/; classtype:trojan-activity;sid:83913929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050830)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/layout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050830/; classtype:trojan-activity;sid:83913930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050831)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/stien.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050831/; classtype:trojan-activity;sid:83913931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050832)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/xwemz.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050832/; classtype:trojan-activity;sid:83913932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050833)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture08.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050833/; classtype:trojan-activity;sid:83913933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050834)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/1284.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050834/; classtype:trojan-activity;sid:83913934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050818)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture20.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050818/; classtype:trojan-activity;sid:83913918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050819)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/djfaumon.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050819/; classtype:trojan-activity;sid:83913919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050820)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture36.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050820/; classtype:trojan-activity;sid:83913920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050821)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture50.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050821/; classtype:trojan-activity;sid:83913921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050822)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/svkdmal.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050822/; classtype:trojan-activity;sid:83913922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050823)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture26.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050823/; classtype:trojan-activity;sid:83913923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050824)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture75.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050824/; classtype:trojan-activity;sid:83913924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050825)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/erlnb.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050825/; classtype:trojan-activity;sid:83913925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050811)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/vorthauay.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050811/; classtype:trojan-activity;sid:83913911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050812)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture39.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050812/; classtype:trojan-activity;sid:83913912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050813)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture32.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050813/; classtype:trojan-activity;sid:83913913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050814)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture60.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050814/; classtype:trojan-activity;sid:83913914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050815)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture77.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050815/; classtype:trojan-activity;sid:83913915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050816)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/stien.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050816/; classtype:trojan-activity;sid:83913916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050817)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture53.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050817/; classtype:trojan-activity;sid:83913917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050805)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture19.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050805/; classtype:trojan-activity;sid:83913905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050806)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture03.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050806/; classtype:trojan-activity;sid:83913906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050807)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture37.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050807/; classtype:trojan-activity;sid:83913907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050808)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/1337x.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050808/; classtype:trojan-activity;sid:83913908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050809)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture07.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050809/; classtype:trojan-activity;sid:83913909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050810)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture70.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050810/; classtype:trojan-activity;sid:83913910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050796)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture57.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050796/; classtype:trojan-activity;sid:83913896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050797)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/kdosmaul.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050797/; classtype:trojan-activity;sid:83913897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050798)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture76.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050798/; classtype:trojan-activity;sid:83913898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050799)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/skmvlcamz.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050799/; classtype:trojan-activity;sid:83913899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050800)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/atte.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050800/; classtype:trojan-activity;sid:83913900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050801)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture61.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050801/; classtype:trojan-activity;sid:83913901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050802)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture49.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050802/; classtype:trojan-activity;sid:83913902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050803)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture45.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050803/; classtype:trojan-activity;sid:83913903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.97.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050804/; classtype:trojan-activity;sid:83913904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050792)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture28.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050792/; classtype:trojan-activity;sid:83913892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050793)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture31.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050793/; classtype:trojan-activity;sid:83913893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050794)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/impalsvaju.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050794/; classtype:trojan-activity;sid:83913894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050795)"; flow:established,from_client; content:"GET"; http_method; content:"/kvro/venture17.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050795/; classtype:trojan-activity;sid:83913895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050791)"; flow:established,from_client; content:"GET"; http_method; content:"/rkei/1337x.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.231.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050791/; classtype:trojan-activity;sid:83913891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.160.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050790/; classtype:trojan-activity;sid:83913890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.226.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050789/; classtype:trojan-activity;sid:83913889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050788/; classtype:trojan-activity;sid:83913888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.92.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050787/; classtype:trojan-activity;sid:83913887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.169.60.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050786/; classtype:trojan-activity;sid:83913886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.154.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050785/; classtype:trojan-activity;sid:83913885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050784/; classtype:trojan-activity;sid:83913884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050782/; classtype:trojan-activity;sid:83913882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.171.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050783/; classtype:trojan-activity;sid:83913883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.77.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050781/; classtype:trojan-activity;sid:83913881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.141.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050780/; classtype:trojan-activity;sid:83913880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050779)"; flow:established,from_client; content:"GET"; http_method; content:"/ujuax.iso"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"scar77747.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050779/; classtype:trojan-activity;sid:83913879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050778)"; flow:established,from_client; content:"GET"; http_method; content:"/scar2.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"scar77747.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050778/; classtype:trojan-activity;sid:83913878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.82.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050777/; classtype:trojan-activity;sid:83913877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050776/; classtype:trojan-activity;sid:83913876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.86.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050775/; classtype:trojan-activity;sid:83913875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.115.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050774/; classtype:trojan-activity;sid:83913874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050771/; classtype:trojan-activity;sid:83913871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.213.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050772/; classtype:trojan-activity;sid:83913872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050773/; classtype:trojan-activity;sid:83913873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050770/; classtype:trojan-activity;sid:83913870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050769/; classtype:trojan-activity;sid:83913869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.44.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050768/; classtype:trojan-activity;sid:83913868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050767/; classtype:trojan-activity;sid:83913867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050766/; classtype:trojan-activity;sid:83913866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050765/; classtype:trojan-activity;sid:83913865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050763/; classtype:trojan-activity;sid:83913863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050764/; classtype:trojan-activity;sid:83913864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.205.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050761/; classtype:trojan-activity;sid:83913861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.60.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050762/; classtype:trojan-activity;sid:83913862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050760/; classtype:trojan-activity;sid:83913860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.132.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050759/; classtype:trojan-activity;sid:83913859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050758/; classtype:trojan-activity;sid:83913858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.214.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050757/; classtype:trojan-activity;sid:83913857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050756/; classtype:trojan-activity;sid:83913856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.166.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050755/; classtype:trojan-activity;sid:83913855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.182.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050754/; classtype:trojan-activity;sid:83913854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050753/; classtype:trojan-activity;sid:83913853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050752/; classtype:trojan-activity;sid:83913852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050751/; classtype:trojan-activity;sid:83913851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050750/; classtype:trojan-activity;sid:83913850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.60.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050749/; classtype:trojan-activity;sid:83913849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.151.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050748/; classtype:trojan-activity;sid:83913848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.16.114.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050746/; classtype:trojan-activity;sid:83913846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.152.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050747/; classtype:trojan-activity;sid:83913847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.236.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050745/; classtype:trojan-activity;sid:83913845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050744)"; flow:established,from_client; content:"GET"; http_method; content:"/shell-x64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.55.131.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050744/; classtype:trojan-activity;sid:83913844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.8.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050743/; classtype:trojan-activity;sid:83913843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050742/; classtype:trojan-activity;sid:83913842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.171.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050741/; classtype:trojan-activity;sid:83913841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.177.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050740/; classtype:trojan-activity;sid:83913840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.49.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050739/; classtype:trojan-activity;sid:83913839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050738/; classtype:trojan-activity;sid:83913838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.44.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050737/; classtype:trojan-activity;sid:83913837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.141.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050736/; classtype:trojan-activity;sid:83913836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.205.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050735/; classtype:trojan-activity;sid:83913835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.34.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050734/; classtype:trojan-activity;sid:83913834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.196.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050733/; classtype:trojan-activity;sid:83913833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.214.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050730/; classtype:trojan-activity;sid:83913830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.241.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050729/; classtype:trojan-activity;sid:83913829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.114.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050728/; classtype:trojan-activity;sid:83913828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.53.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050727/; classtype:trojan-activity;sid:83913827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.149.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050726/; classtype:trojan-activity;sid:83913826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.162.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050724/; classtype:trojan-activity;sid:83913824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050725/; classtype:trojan-activity;sid:83913825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050723/; classtype:trojan-activity;sid:83913823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.60.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050722/; classtype:trojan-activity;sid:83913822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.204.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050721/; classtype:trojan-activity;sid:83913821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.251.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050720/; classtype:trojan-activity;sid:83913820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.132.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050719/; classtype:trojan-activity;sid:83913819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.214.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050718/; classtype:trojan-activity;sid:83913818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.182.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050717/; classtype:trojan-activity;sid:83913817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050716/; classtype:trojan-activity;sid:83913816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.151.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050715/; classtype:trojan-activity;sid:83913815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.238.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050714/; classtype:trojan-activity;sid:83913814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050713/; classtype:trojan-activity;sid:83913813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.205.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050712/; classtype:trojan-activity;sid:83913812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050711/; classtype:trojan-activity;sid:83913811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050710/; classtype:trojan-activity;sid:83913810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.13.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050705/; classtype:trojan-activity;sid:83913805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.209.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050706/; classtype:trojan-activity;sid:83913806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.60.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050707/; classtype:trojan-activity;sid:83913807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.195.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050708/; classtype:trojan-activity;sid:83913808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.149.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050709/; classtype:trojan-activity;sid:83913809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.241.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050704/; classtype:trojan-activity;sid:83913804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.152.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050703/; classtype:trojan-activity;sid:83913803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050702/; classtype:trojan-activity;sid:83913802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.8.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050701/; classtype:trojan-activity;sid:83913801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.196.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050700/; classtype:trojan-activity;sid:83913800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.49.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050697/; classtype:trojan-activity;sid:83913797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.29.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050698/; classtype:trojan-activity;sid:83913798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.23.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050699/; classtype:trojan-activity;sid:83913799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.102.1.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050696/; classtype:trojan-activity;sid:83913796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.242.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050695/; classtype:trojan-activity;sid:83913795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.187.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050694/; classtype:trojan-activity;sid:83913794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.11.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050693/; classtype:trojan-activity;sid:83913793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.214.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050692/; classtype:trojan-activity;sid:83913792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.204.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050691/; classtype:trojan-activity;sid:83913791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.251.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050690/; classtype:trojan-activity;sid:83913790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.214.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050689/; classtype:trojan-activity;sid:83913789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050688/; classtype:trojan-activity;sid:83913788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050687/; classtype:trojan-activity;sid:83913787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050686/; classtype:trojan-activity;sid:83913786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050685/; classtype:trojan-activity;sid:83913785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050684/; classtype:trojan-activity;sid:83913784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050682/; classtype:trojan-activity;sid:83913782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.0.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050683/; classtype:trojan-activity;sid:83913783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050681/; classtype:trojan-activity;sid:83913781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.189.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050680/; classtype:trojan-activity;sid:83913780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.47.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050679/; classtype:trojan-activity;sid:83913779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.120.132.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050678/; classtype:trojan-activity;sid:83913778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.43.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050677/; classtype:trojan-activity;sid:83913777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.16.9"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050675/; classtype:trojan-activity;sid:83913775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050676/; classtype:trojan-activity;sid:83913776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.209.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050674/; classtype:trojan-activity;sid:83913774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050673/; classtype:trojan-activity;sid:83913773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.13.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050672/; classtype:trojan-activity;sid:83913772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.82.240.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050671/; classtype:trojan-activity;sid:83913771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.161.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050670/; classtype:trojan-activity;sid:83913770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.102.1.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050669/; classtype:trojan-activity;sid:83913769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.189.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050668/; classtype:trojan-activity;sid:83913768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.116.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050667/; classtype:trojan-activity;sid:83913767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050666/; classtype:trojan-activity;sid:83913766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.242.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050665/; classtype:trojan-activity;sid:83913765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050664)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.148.244.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050664/; classtype:trojan-activity;sid:83913764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.218.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050663/; classtype:trojan-activity;sid:83913763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050662/; classtype:trojan-activity;sid:83913762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050661/; classtype:trojan-activity;sid:83913761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050660/; classtype:trojan-activity;sid:83913760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.237.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050659/; classtype:trojan-activity;sid:83913759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050658/; classtype:trojan-activity;sid:83913758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.9.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050657/; classtype:trojan-activity;sid:83913757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.205.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050656/; classtype:trojan-activity;sid:83913756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.146.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050655/; classtype:trojan-activity;sid:83913755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.36.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050654/; classtype:trojan-activity;sid:83913754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.189.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050653/; classtype:trojan-activity;sid:83913753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.227.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050652/; classtype:trojan-activity;sid:83913752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.46.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050651/; classtype:trojan-activity;sid:83913751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.190.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050650/; classtype:trojan-activity;sid:83913750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050649/; classtype:trojan-activity;sid:83913749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.92.199.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050647/; classtype:trojan-activity;sid:83913747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.89.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050648/; classtype:trojan-activity;sid:83913748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.163.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050646/; classtype:trojan-activity;sid:83913746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.234.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050645/; classtype:trojan-activity;sid:83913745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.76.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050643/; classtype:trojan-activity;sid:83913743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.116.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050644/; classtype:trojan-activity;sid:83913744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050642/; classtype:trojan-activity;sid:83913742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050641/; classtype:trojan-activity;sid:83913741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.244.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050637/; classtype:trojan-activity;sid:83913737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.250.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050638/; classtype:trojan-activity;sid:83913738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050639/; classtype:trojan-activity;sid:83913739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.205.231.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050640/; classtype:trojan-activity;sid:83913740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050636/; classtype:trojan-activity;sid:83913736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050635/; classtype:trojan-activity;sid:83913735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.102.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050633/; classtype:trojan-activity;sid:83913733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.215.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050634/; classtype:trojan-activity;sid:83913734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.144.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050632/; classtype:trojan-activity;sid:83913732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.189.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050631/; classtype:trojan-activity;sid:83913731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050630/; classtype:trojan-activity;sid:83913730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.218.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050629/; classtype:trojan-activity;sid:83913729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.161.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050628/; classtype:trojan-activity;sid:83913728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050627/; classtype:trojan-activity;sid:83913727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.86.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050625/; classtype:trojan-activity;sid:83913725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.218.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050626/; classtype:trojan-activity;sid:83913726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050624/; classtype:trojan-activity;sid:83913724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.37.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050623/; classtype:trojan-activity;sid:83913723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.103.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050622/; classtype:trojan-activity;sid:83913722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.225.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050621/; classtype:trojan-activity;sid:83913721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.249.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050618/; classtype:trojan-activity;sid:83913718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.46.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050619/; classtype:trojan-activity;sid:83913719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.227.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050620/; classtype:trojan-activity;sid:83913720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.58.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050616/; classtype:trojan-activity;sid:83913716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.1.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050617/; classtype:trojan-activity;sid:83913717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.27.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050615/; classtype:trojan-activity;sid:83913715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.124.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050614/; classtype:trojan-activity;sid:83913714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.197.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050612/; classtype:trojan-activity;sid:83913712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.141.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050613/; classtype:trojan-activity;sid:83913713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.229.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050611/; classtype:trojan-activity;sid:83913711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.250.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050610/; classtype:trojan-activity;sid:83913710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.173.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050606/; classtype:trojan-activity;sid:83913706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.92.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050607/; classtype:trojan-activity;sid:83913707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.89.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050608/; classtype:trojan-activity;sid:83913708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050609/; classtype:trojan-activity;sid:83913709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.89.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050604/; classtype:trojan-activity;sid:83913704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050605/; classtype:trojan-activity;sid:83913705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.107.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050603/; classtype:trojan-activity;sid:83913703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.195.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050602/; classtype:trojan-activity;sid:83913702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050601/; classtype:trojan-activity;sid:83913701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.89.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050600/; classtype:trojan-activity;sid:83913700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.205.231.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050599/; classtype:trojan-activity;sid:83913699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050598/; classtype:trojan-activity;sid:83913698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.92.199.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050597/; classtype:trojan-activity;sid:83913697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.219.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050595/; classtype:trojan-activity;sid:83913695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.46.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050596/; classtype:trojan-activity;sid:83913696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.194.107.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050594/; classtype:trojan-activity;sid:83913694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.170.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050593/; classtype:trojan-activity;sid:83913693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.227.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050592/; classtype:trojan-activity;sid:83913692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.143.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050591/; classtype:trojan-activity;sid:83913691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.37.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050590/; classtype:trojan-activity;sid:83913690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.114.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050589/; classtype:trojan-activity;sid:83913689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.154.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050588/; classtype:trojan-activity;sid:83913688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050586/; classtype:trojan-activity;sid:83913686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.237.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050587/; classtype:trojan-activity;sid:83913687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050585/; classtype:trojan-activity;sid:83913685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.239.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050584/; classtype:trojan-activity;sid:83913684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.47.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050583/; classtype:trojan-activity;sid:83913683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.238.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050582/; classtype:trojan-activity;sid:83913682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.163.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050581/; classtype:trojan-activity;sid:83913681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.41.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050580/; classtype:trojan-activity;sid:83913680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.225.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050579/; classtype:trojan-activity;sid:83913679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050578/; classtype:trojan-activity;sid:83913678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.170.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050577/; classtype:trojan-activity;sid:83913677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.173.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050576/; classtype:trojan-activity;sid:83913676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050575/; classtype:trojan-activity;sid:83913675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.113.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050574/; classtype:trojan-activity;sid:83913674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.146.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050573/; classtype:trojan-activity;sid:83913673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050572/; classtype:trojan-activity;sid:83913672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.107.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050571/; classtype:trojan-activity;sid:83913671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.250.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050570/; classtype:trojan-activity;sid:83913670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050569/; classtype:trojan-activity;sid:83913669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.92.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050568/; classtype:trojan-activity;sid:83913668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.210.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050567/; classtype:trojan-activity;sid:83913667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.227.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050566/; classtype:trojan-activity;sid:83913666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.92.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050565/; classtype:trojan-activity;sid:83913665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.39.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050564/; classtype:trojan-activity;sid:83913664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.27.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050562/; classtype:trojan-activity;sid:83913662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.235.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050563/; classtype:trojan-activity;sid:83913663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.9"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050561/; classtype:trojan-activity;sid:83913661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.166.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050560/; classtype:trojan-activity;sid:83913660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.6.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050556/; classtype:trojan-activity;sid:83913656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.178.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050557/; classtype:trojan-activity;sid:83913657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050558/; classtype:trojan-activity;sid:83913658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050559/; classtype:trojan-activity;sid:83913659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.166.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050555/; classtype:trojan-activity;sid:83913655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.219.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050552/; classtype:trojan-activity;sid:83913652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050553/; classtype:trojan-activity;sid:83913653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050554/; classtype:trojan-activity;sid:83913654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050550/; classtype:trojan-activity;sid:83913650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.80.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050551/; classtype:trojan-activity;sid:83913651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.237.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050547/; classtype:trojan-activity;sid:83913647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.110.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050548/; classtype:trojan-activity;sid:83913648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050549/; classtype:trojan-activity;sid:83913649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.243.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050546/; classtype:trojan-activity;sid:83913646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050545/; classtype:trojan-activity;sid:83913645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.225.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050544/; classtype:trojan-activity;sid:83913644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.213.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050543/; classtype:trojan-activity;sid:83913643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.52.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050541/; classtype:trojan-activity;sid:83913641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050542/; classtype:trojan-activity;sid:83913642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.165.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050540/; classtype:trojan-activity;sid:83913640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.198.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050539/; classtype:trojan-activity;sid:83913639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.235.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050538/; classtype:trojan-activity;sid:83913638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.189.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050537/; classtype:trojan-activity;sid:83913637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.227.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050536/; classtype:trojan-activity;sid:83913636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.170.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050535/; classtype:trojan-activity;sid:83913635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.1.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050534/; classtype:trojan-activity;sid:83913634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050533/; classtype:trojan-activity;sid:83913633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.28.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050532/; classtype:trojan-activity;sid:83913632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050531/; classtype:trojan-activity;sid:83913631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.107.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050530/; classtype:trojan-activity;sid:83913630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.100.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050528/; classtype:trojan-activity;sid:83913628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.18.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050529/; classtype:trojan-activity;sid:83913629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.210.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050526/; classtype:trojan-activity;sid:83913626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.92.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050527/; classtype:trojan-activity;sid:83913627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050525/; classtype:trojan-activity;sid:83913625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.52.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050524/; classtype:trojan-activity;sid:83913624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.189.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050523/; classtype:trojan-activity;sid:83913623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.128.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050522/; classtype:trojan-activity;sid:83913622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050521/; classtype:trojan-activity;sid:83913621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.158.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050520/; classtype:trojan-activity;sid:83913620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050519/; classtype:trojan-activity;sid:83913619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050518/; classtype:trojan-activity;sid:83913618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.166.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050517/; classtype:trojan-activity;sid:83913617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050516/; classtype:trojan-activity;sid:83913616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.110.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050514/; classtype:trojan-activity;sid:83913614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.114.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050515/; classtype:trojan-activity;sid:83913615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050513/; classtype:trojan-activity;sid:83913613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.12.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050512/; classtype:trojan-activity;sid:83913612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.91.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050511/; classtype:trojan-activity;sid:83913611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.2.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050510/; classtype:trojan-activity;sid:83913610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050509/; classtype:trojan-activity;sid:83913609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050508/; classtype:trojan-activity;sid:83913608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.206.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050507/; classtype:trojan-activity;sid:83913607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.194.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050506/; classtype:trojan-activity;sid:83913606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.136.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050505/; classtype:trojan-activity;sid:83913605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.52.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050504/; classtype:trojan-activity;sid:83913604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.28.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050503/; classtype:trojan-activity;sid:83913603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.234.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050502/; classtype:trojan-activity;sid:83913602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.198.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050501/; classtype:trojan-activity;sid:83913601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.221.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050500/; classtype:trojan-activity;sid:83913600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.84.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050499/; classtype:trojan-activity;sid:83913599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.91.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050497/; classtype:trojan-activity;sid:83913597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.172.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050498/; classtype:trojan-activity;sid:83913598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.189.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050496/; classtype:trojan-activity;sid:83913596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.38.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050495/; classtype:trojan-activity;sid:83913595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.246.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050494/; classtype:trojan-activity;sid:83913594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050493/; classtype:trojan-activity;sid:83913593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050492/; classtype:trojan-activity;sid:83913592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050490/; classtype:trojan-activity;sid:83913590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.46.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050491/; classtype:trojan-activity;sid:83913591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050489/; classtype:trojan-activity;sid:83913589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.131.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050488/; classtype:trojan-activity;sid:83913588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.52.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050487/; classtype:trojan-activity;sid:83913587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.127.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050486/; classtype:trojan-activity;sid:83913586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050485/; classtype:trojan-activity;sid:83913585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.128.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050484/; classtype:trojan-activity;sid:83913584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.36.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050483/; classtype:trojan-activity;sid:83913583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.135.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050482/; classtype:trojan-activity;sid:83913582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.36.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050481/; classtype:trojan-activity;sid:83913581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.194.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050480/; classtype:trojan-activity;sid:83913580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.32.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050479/; classtype:trojan-activity;sid:83913579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050478/; classtype:trojan-activity;sid:83913578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.65.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050477/; classtype:trojan-activity;sid:83913577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.158.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050476/; classtype:trojan-activity;sid:83913576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.153.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050475/; classtype:trojan-activity;sid:83913575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.16.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050472/; classtype:trojan-activity;sid:83913572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.214.90.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050473/; classtype:trojan-activity;sid:83913573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.129.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050474/; classtype:trojan-activity;sid:83913574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.192.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050471/; classtype:trojan-activity;sid:83913571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.84.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050470/; classtype:trojan-activity;sid:83913570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050468/; classtype:trojan-activity;sid:83913568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050469/; classtype:trojan-activity;sid:83913569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.36.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050467/; classtype:trojan-activity;sid:83913567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050466/; classtype:trojan-activity;sid:83913566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050465/; classtype:trojan-activity;sid:83913565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.28.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050463/; classtype:trojan-activity;sid:83913563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.9.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050464/; classtype:trojan-activity;sid:83913564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.250.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050461/; classtype:trojan-activity;sid:83913561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.67.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050462/; classtype:trojan-activity;sid:83913562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.131.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050460/; classtype:trojan-activity;sid:83913560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050459/; classtype:trojan-activity;sid:83913559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050458/; classtype:trojan-activity;sid:83913558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.38.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050457/; classtype:trojan-activity;sid:83913557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.78.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050456/; classtype:trojan-activity;sid:83913556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.36.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050455/; classtype:trojan-activity;sid:83913555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050454/; classtype:trojan-activity;sid:83913554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.145.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050453/; classtype:trojan-activity;sid:83913553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050452/; classtype:trojan-activity;sid:83913552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.40.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050451/; classtype:trojan-activity;sid:83913551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.46.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050450/; classtype:trojan-activity;sid:83913550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.137.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050449/; classtype:trojan-activity;sid:83913549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.162.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050447/; classtype:trojan-activity;sid:83913547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050448)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/66979ab41b05f_crypta.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050448/; classtype:trojan-activity;sid:83913548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.253.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050446/; classtype:trojan-activity;sid:83913546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050445/; classtype:trojan-activity;sid:83913545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050444)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/6697dafdd90a3_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050444/; classtype:trojan-activity;sid:83913544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.95.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050443/; classtype:trojan-activity;sid:83913543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.184.148.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050442/; classtype:trojan-activity;sid:83913542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050441/; classtype:trojan-activity;sid:83913541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.111.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050440/; classtype:trojan-activity;sid:83913540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.102.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050439/; classtype:trojan-activity;sid:83913539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.12.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050437/; classtype:trojan-activity;sid:83913537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.12.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050438/; classtype:trojan-activity;sid:83913538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050436/; classtype:trojan-activity;sid:83913536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.225.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050435/; classtype:trojan-activity;sid:83913535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050434/; classtype:trojan-activity;sid:83913534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.18.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050433/; classtype:trojan-activity;sid:83913533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.116.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050432/; classtype:trojan-activity;sid:83913532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.250.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050431/; classtype:trojan-activity;sid:83913531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.95.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050430/; classtype:trojan-activity;sid:83913530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.113.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050429/; classtype:trojan-activity;sid:83913529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.159.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050428/; classtype:trojan-activity;sid:83913528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.159.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050427/; classtype:trojan-activity;sid:83913527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.206.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050426/; classtype:trojan-activity;sid:83913526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.17.133.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050425/; classtype:trojan-activity;sid:83913525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.219.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050424/; classtype:trojan-activity;sid:83913524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050422/; classtype:trojan-activity;sid:83913522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.145.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050423/; classtype:trojan-activity;sid:83913523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.213.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050421/; classtype:trojan-activity;sid:83913521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.216.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050420/; classtype:trojan-activity;sid:83913520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.170.201.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050419/; classtype:trojan-activity;sid:83913519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.145.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050415/; classtype:trojan-activity;sid:83913515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.174.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050416/; classtype:trojan-activity;sid:83913516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050417/; classtype:trojan-activity;sid:83913517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.159.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050418/; classtype:trojan-activity;sid:83913518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.40.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050414/; classtype:trojan-activity;sid:83913514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.2.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050413/; classtype:trojan-activity;sid:83913513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050411/; classtype:trojan-activity;sid:83913511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.199.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050412/; classtype:trojan-activity;sid:83913512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.66.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050410/; classtype:trojan-activity;sid:83913510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050407/; classtype:trojan-activity;sid:83913507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.209.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050408/; classtype:trojan-activity;sid:83913508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.88.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050409/; classtype:trojan-activity;sid:83913509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.215.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050405/; classtype:trojan-activity;sid:83913505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050406/; classtype:trojan-activity;sid:83913506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.155.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050404/; classtype:trojan-activity;sid:83913504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.236.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050403/; classtype:trojan-activity;sid:83913503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050402/; classtype:trojan-activity;sid:83913502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.86.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050401/; classtype:trojan-activity;sid:83913501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050400/; classtype:trojan-activity;sid:83913500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.107.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050399/; classtype:trojan-activity;sid:83913499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.235.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050398/; classtype:trojan-activity;sid:83913498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.49.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050397/; classtype:trojan-activity;sid:83913497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050396/; classtype:trojan-activity;sid:83913496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050395/; classtype:trojan-activity;sid:83913495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.18.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050394/; classtype:trojan-activity;sid:83913494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050393/; classtype:trojan-activity;sid:83913493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.38.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050390/; classtype:trojan-activity;sid:83913490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.12.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050391/; classtype:trojan-activity;sid:83913491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.109.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050392/; classtype:trojan-activity;sid:83913492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.86.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050389/; classtype:trojan-activity;sid:83913489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050388/; classtype:trojan-activity;sid:83913488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.13.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050381/; classtype:trojan-activity;sid:83913481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050382)"; flow:established,from_client; content:"GET"; http_method; content:"/zfnfafuyurnuncuretoygfokcqz149.bin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"209.90.237.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050382/; classtype:trojan-activity;sid:83913482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.31.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050383/; classtype:trojan-activity;sid:83913483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050384)"; flow:established,from_client; content:"GET"; http_method; content:"/tulncenbquouegiq56.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.90.237.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050384/; classtype:trojan-activity;sid:83913484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050385)"; flow:established,from_client; content:"GET"; http_method; content:"/fytid12.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"209.90.237.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050385/; classtype:trojan-activity;sid:83913485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050386)"; flow:established,from_client; content:"GET"; http_method; content:"/otdxakgonatre73.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"209.90.237.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050386/; classtype:trojan-activity;sid:83913486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050387)"; flow:established,from_client; content:"GET"; http_method; content:"/fdayhiz21.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"209.90.237.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050387/; classtype:trojan-activity;sid:83913487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050380)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050380/; classtype:trojan-activity;sid:83913480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.102.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050379/; classtype:trojan-activity;sid:83913479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.3.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050377/; classtype:trojan-activity;sid:83913477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.163.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050378/; classtype:trojan-activity;sid:83913478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.116.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050376/; classtype:trojan-activity;sid:83913476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.225.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050375/; classtype:trojan-activity;sid:83913475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.82.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050374/; classtype:trojan-activity;sid:83913474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.17.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050373/; classtype:trojan-activity;sid:83913473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.100.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050372/; classtype:trojan-activity;sid:83913472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.53.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050370/; classtype:trojan-activity;sid:83913470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.62.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050371/; classtype:trojan-activity;sid:83913471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.243.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050369/; classtype:trojan-activity;sid:83913469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.242.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050368/; classtype:trojan-activity;sid:83913468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.8.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050367/; classtype:trojan-activity;sid:83913467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050362)"; flow:established,from_client; content:"GET"; http_method; content:"/rer/ywyrlb.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050362/; classtype:trojan-activity;sid:83913462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050363)"; flow:established,from_client; content:"GET"; http_method; content:"/rer/fwfkg.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050363/; classtype:trojan-activity;sid:83913463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050364)"; flow:established,from_client; content:"GET"; http_method; content:"/rer/hqsidsmbk.mp4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050364/; classtype:trojan-activity;sid:83913464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050365)"; flow:established,from_client; content:"GET"; http_method; content:"/rer/omrmayfg.vdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050365/; classtype:trojan-activity;sid:83913465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050366)"; flow:established,from_client; content:"GET"; http_method; content:"/rer/vtvtyuhasfx.pdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050366/; classtype:trojan-activity;sid:83913466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.101.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050359/; classtype:trojan-activity;sid:83913459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050360)"; flow:established,from_client; content:"GET"; http_method; content:"/rer/ddsnfl.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050360/; classtype:trojan-activity;sid:83913460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050361)"; flow:established,from_client; content:"GET"; http_method; content:"/rer/sufdwfbqs.dat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050361/; classtype:trojan-activity;sid:83913461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050346)"; flow:established,from_client; content:"GET"; http_method; content:"/ziw/ipaau.mp4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050346/; classtype:trojan-activity;sid:83913446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050347)"; flow:established,from_client; content:"GET"; http_method; content:"/ziw/juvrnxgwl.pdf"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050347/; classtype:trojan-activity;sid:83913447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050348)"; flow:established,from_client; content:"GET"; http_method; content:"/zw/ynsictahasm.pdf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050348/; classtype:trojan-activity;sid:83913448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050349)"; flow:established,from_client; content:"GET"; http_method; content:"/ziw/glmooo.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050349/; classtype:trojan-activity;sid:83913449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050350)"; flow:established,from_client; content:"GET"; http_method; content:"/ziw/axcehptl.wav"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050350/; classtype:trojan-activity;sid:83913450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050351)"; flow:established,from_client; content:"GET"; http_method; content:"/zw/qbonl.vdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050351/; classtype:trojan-activity;sid:83913451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050352)"; flow:established,from_client; content:"GET"; http_method; content:"/ziw/ofijwugjw.wav"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050352/; classtype:trojan-activity;sid:83913452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050353)"; flow:established,from_client; content:"GET"; http_method; content:"/zw/onxahtmorjv.wav"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050353/; classtype:trojan-activity;sid:83913453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050354)"; flow:established,from_client; content:"GET"; http_method; content:"/zw/trnwenq.vdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050354/; classtype:trojan-activity;sid:83913454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050355)"; flow:established,from_client; content:"GET"; http_method; content:"/zw/rjsrmhqij.pdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050355/; classtype:trojan-activity;sid:83913455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050356)"; flow:established,from_client; content:"GET"; http_method; content:"/ziw/dngtex.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050356/; classtype:trojan-activity;sid:83913456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050357)"; flow:established,from_client; content:"GET"; http_method; content:"/ziw/dxrguhpnrwc.wav"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050357/; classtype:trojan-activity;sid:83913457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050358)"; flow:established,from_client; content:"GET"; http_method; content:"/ziw/rudzwiydcy.vdf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.90.58.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050358/; classtype:trojan-activity;sid:83913458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.163.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050345/; classtype:trojan-activity;sid:83913445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.37.248.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050344/; classtype:trojan-activity;sid:83913444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.36.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050343/; classtype:trojan-activity;sid:83913443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.221.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050342/; classtype:trojan-activity;sid:83913442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.253.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050341/; classtype:trojan-activity;sid:83913441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050339/; classtype:trojan-activity;sid:83913439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.107.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050340/; classtype:trojan-activity;sid:83913440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.36.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050337/; classtype:trojan-activity;sid:83913437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.47.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050338/; classtype:trojan-activity;sid:83913438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.68.162.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050336/; classtype:trojan-activity;sid:83913436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050335)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ydvywxcdyt0xtr6bhehejast9uqv9vjn|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050335/; classtype:trojan-activity;sid:83913435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.214.81.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050334/; classtype:trojan-activity;sid:83913434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050333)"; flow:established,from_client; content:"GET"; http_method; content:"/sc2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"scar77747.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050333/; classtype:trojan-activity;sid:83913433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.230.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050329/; classtype:trojan-activity;sid:83913429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050330/; classtype:trojan-activity;sid:83913430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.18.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050331/; classtype:trojan-activity;sid:83913431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050332)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/66979a57f071c_otraba.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050332/; classtype:trojan-activity;sid:83913432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.215.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050328/; classtype:trojan-activity;sid:83913428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050327/; classtype:trojan-activity;sid:83913427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050326/; classtype:trojan-activity;sid:83913426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.120.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050325/; classtype:trojan-activity;sid:83913425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.67.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050324/; classtype:trojan-activity;sid:83913424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050323/; classtype:trojan-activity;sid:83913423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.52.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050322/; classtype:trojan-activity;sid:83913422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050321/; classtype:trojan-activity;sid:83913421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.214.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050320/; classtype:trojan-activity;sid:83913420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.63.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050319/; classtype:trojan-activity;sid:83913419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.0.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050318/; classtype:trojan-activity;sid:83913418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050317/; classtype:trojan-activity;sid:83913417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.50.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050316/; classtype:trojan-activity;sid:83913416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.3.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050314/; classtype:trojan-activity;sid:83913414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050315/; classtype:trojan-activity;sid:83913415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.163.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050313/; classtype:trojan-activity;sid:83913413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.157.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050312/; classtype:trojan-activity;sid:83913412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.142.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050311/; classtype:trojan-activity;sid:83913411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050310/; classtype:trojan-activity;sid:83913410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.92.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050309/; classtype:trojan-activity;sid:83913409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.40.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050308/; classtype:trojan-activity;sid:83913408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.188.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050307/; classtype:trojan-activity;sid:83913407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.30.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050306/; classtype:trojan-activity;sid:83913406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.92.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050305/; classtype:trojan-activity;sid:83913405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.36.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050304/; classtype:trojan-activity;sid:83913404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.81.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050303/; classtype:trojan-activity;sid:83913403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.242.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050302/; classtype:trojan-activity;sid:83913402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.180.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050301/; classtype:trojan-activity;sid:83913401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.246.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050300/; classtype:trojan-activity;sid:83913400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.37.248.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050299/; classtype:trojan-activity;sid:83913399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.246.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050298/; classtype:trojan-activity;sid:83913398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.230.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050297/; classtype:trojan-activity;sid:83913397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050296/; classtype:trojan-activity;sid:83913396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050295/; classtype:trojan-activity;sid:83913395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.8.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050294/; classtype:trojan-activity;sid:83913394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.187.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050293/; classtype:trojan-activity;sid:83913393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.81.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050292/; classtype:trojan-activity;sid:83913392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.234.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050291/; classtype:trojan-activity;sid:83913391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050290/; classtype:trojan-activity;sid:83913390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.199.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050289/; classtype:trojan-activity;sid:83913389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.155.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050288/; classtype:trojan-activity;sid:83913388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.88.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050287/; classtype:trojan-activity;sid:83913387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.107.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050286/; classtype:trojan-activity;sid:83913386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.126.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050285/; classtype:trojan-activity;sid:83913385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.67.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050284/; classtype:trojan-activity;sid:83913384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050283/; classtype:trojan-activity;sid:83913383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.43.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050282/; classtype:trojan-activity;sid:83913382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.20.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050281/; classtype:trojan-activity;sid:83913381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050280/; classtype:trojan-activity;sid:83913380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.134.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050279/; classtype:trojan-activity;sid:83913379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.45.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050278/; classtype:trojan-activity;sid:83913378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.91.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050277/; classtype:trojan-activity;sid:83913377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.148.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050276/; classtype:trojan-activity;sid:83913376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.129.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050275/; classtype:trojan-activity;sid:83913375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.153.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050274/; classtype:trojan-activity;sid:83913374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050273/; classtype:trojan-activity;sid:83913373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.233.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050272/; classtype:trojan-activity;sid:83913372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050271/; classtype:trojan-activity;sid:83913371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050270)"; flow:established,from_client; content:"GET"; http_method; content:"/80180/cno/cno.cno.cno.cnocnocno.doc"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"103.161.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050270/; classtype:trojan-activity;sid:83913370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.38.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050269/; classtype:trojan-activity;sid:83913369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.219.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050268/; classtype:trojan-activity;sid:83913368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.31.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050267/; classtype:trojan-activity;sid:83913367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.233.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050266/; classtype:trojan-activity;sid:83913366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.176.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050265/; classtype:trojan-activity;sid:83913365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050264/; classtype:trojan-activity;sid:83913364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.208.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050262/; classtype:trojan-activity;sid:83913362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.246.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050263/; classtype:trojan-activity;sid:83913363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.6.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050261/; classtype:trojan-activity;sid:83913361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.255.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050260/; classtype:trojan-activity;sid:83913360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.174.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050259/; classtype:trojan-activity;sid:83913359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.38.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050257/; classtype:trojan-activity;sid:83913357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.248.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050258/; classtype:trojan-activity;sid:83913358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050256/; classtype:trojan-activity;sid:83913356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.192.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050255/; classtype:trojan-activity;sid:83913355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.37.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050254/; classtype:trojan-activity;sid:83913354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.59.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050252/; classtype:trojan-activity;sid:83913352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.242.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050253/; classtype:trojan-activity;sid:83913353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.48.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050250/; classtype:trojan-activity;sid:83913350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.234.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050251/; classtype:trojan-activity;sid:83913351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.43.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050248/; classtype:trojan-activity;sid:83913348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050249/; classtype:trojan-activity;sid:83913349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050247/; classtype:trojan-activity;sid:83913347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.4.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050246/; classtype:trojan-activity;sid:83913346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.207.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050245/; classtype:trojan-activity;sid:83913345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050243/; classtype:trojan-activity;sid:83913343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.66.48.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050244/; classtype:trojan-activity;sid:83913344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.188.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050240/; classtype:trojan-activity;sid:83913340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.141.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050241/; classtype:trojan-activity;sid:83913341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.227.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050242/; classtype:trojan-activity;sid:83913342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050239/; classtype:trojan-activity;sid:83913339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.31.72"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050237/; classtype:trojan-activity;sid:83913337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.54.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050238/; classtype:trojan-activity;sid:83913338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.128.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050236/; classtype:trojan-activity;sid:83913336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.9.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050233/; classtype:trojan-activity;sid:83913333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.164.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050234/; classtype:trojan-activity;sid:83913334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050235/; classtype:trojan-activity;sid:83913335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.90.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050232/; classtype:trojan-activity;sid:83913332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.158.159.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050231/; classtype:trojan-activity;sid:83913331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.232.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050230/; classtype:trojan-activity;sid:83913330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.38.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050229/; classtype:trojan-activity;sid:83913329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050228/; classtype:trojan-activity;sid:83913328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050227/; classtype:trojan-activity;sid:83913327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.31.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050226/; classtype:trojan-activity;sid:83913326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050225/; classtype:trojan-activity;sid:83913325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.247.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050224/; classtype:trojan-activity;sid:83913324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.6.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050223/; classtype:trojan-activity;sid:83913323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.47.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050222/; classtype:trojan-activity;sid:83913322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.104.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050221/; classtype:trojan-activity;sid:83913321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.255.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050220/; classtype:trojan-activity;sid:83913320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050219/; classtype:trojan-activity;sid:83913319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.17.133.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050218/; classtype:trojan-activity;sid:83913318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.174.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050217/; classtype:trojan-activity;sid:83913317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.59.107.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050216/; classtype:trojan-activity;sid:83913316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050215/; classtype:trojan-activity;sid:83913315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050211/; classtype:trojan-activity;sid:83913311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.189.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050212/; classtype:trojan-activity;sid:83913312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.163.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050213/; classtype:trojan-activity;sid:83913313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.220.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050214/; classtype:trojan-activity;sid:83913314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.62.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050210/; classtype:trojan-activity;sid:83913310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.4.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050209/; classtype:trojan-activity;sid:83913309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050208/; classtype:trojan-activity;sid:83913308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.19.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050207/; classtype:trojan-activity;sid:83913307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.46.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050206/; classtype:trojan-activity;sid:83913306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050205/; classtype:trojan-activity;sid:83913305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.28.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050204/; classtype:trojan-activity;sid:83913304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050202/; classtype:trojan-activity;sid:83913302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.79.213.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050203/; classtype:trojan-activity;sid:83913303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.66.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050201/; classtype:trojan-activity;sid:83913301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050200/; classtype:trojan-activity;sid:83913300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.138.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050199/; classtype:trojan-activity;sid:83913299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.31.72"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050198/; classtype:trojan-activity;sid:83913298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.151.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050197/; classtype:trojan-activity;sid:83913297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.227.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050196/; classtype:trojan-activity;sid:83913296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050194/; classtype:trojan-activity;sid:83913294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.35.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050195/; classtype:trojan-activity;sid:83913295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.141.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050192/; classtype:trojan-activity;sid:83913292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.3.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050193/; classtype:trojan-activity;sid:83913293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.253.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050191/; classtype:trojan-activity;sid:83913291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050190/; classtype:trojan-activity;sid:83913290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050189/; classtype:trojan-activity;sid:83913289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050188/; classtype:trojan-activity;sid:83913288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.100.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050187/; classtype:trojan-activity;sid:83913287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050186/; classtype:trojan-activity;sid:83913286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.20.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050185/; classtype:trojan-activity;sid:83913285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.23.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050183/; classtype:trojan-activity;sid:83913283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.66.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050184/; classtype:trojan-activity;sid:83913284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.104.104.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050182/; classtype:trojan-activity;sid:83913282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050181/; classtype:trojan-activity;sid:83913281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.47.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050180/; classtype:trojan-activity;sid:83913280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.203.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050178/; classtype:trojan-activity;sid:83913278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050179/; classtype:trojan-activity;sid:83913279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.239.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050177/; classtype:trojan-activity;sid:83913277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.236.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050176/; classtype:trojan-activity;sid:83913276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.35.160.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050174/; classtype:trojan-activity;sid:83913274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.34.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050175/; classtype:trojan-activity;sid:83913275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.129.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050172/; classtype:trojan-activity;sid:83913272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.141.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050173/; classtype:trojan-activity;sid:83913273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050171/; classtype:trojan-activity;sid:83913271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050170/; classtype:trojan-activity;sid:83913270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.170.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050169/; classtype:trojan-activity;sid:83913269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.16.114.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050167/; classtype:trojan-activity;sid:83913267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.46.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050168/; classtype:trojan-activity;sid:83913268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.79.213.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050166/; classtype:trojan-activity;sid:83913266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.174.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050165/; classtype:trojan-activity;sid:83913265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.244.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050163/; classtype:trojan-activity;sid:83913263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.207.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050164/; classtype:trojan-activity;sid:83913264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.28.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050162/; classtype:trojan-activity;sid:83913262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050161/; classtype:trojan-activity;sid:83913261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.35.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050160/; classtype:trojan-activity;sid:83913260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.187.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050159/; classtype:trojan-activity;sid:83913259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050158/; classtype:trojan-activity;sid:83913258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.68.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050157/; classtype:trojan-activity;sid:83913257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.110.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050156/; classtype:trojan-activity;sid:83913256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.118.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050155/; classtype:trojan-activity;sid:83913255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.244.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050154/; classtype:trojan-activity;sid:83913254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.23.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050153/; classtype:trojan-activity;sid:83913253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050152/; classtype:trojan-activity;sid:83913252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.225.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050151/; classtype:trojan-activity;sid:83913251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.22.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050150/; classtype:trojan-activity;sid:83913250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.35.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050148/; classtype:trojan-activity;sid:83913248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050149/; classtype:trojan-activity;sid:83913249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.120.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050147/; classtype:trojan-activity;sid:83913247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.236.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050146/; classtype:trojan-activity;sid:83913246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.203.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050145/; classtype:trojan-activity;sid:83913245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.33.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050144/; classtype:trojan-activity;sid:83913244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.83.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050143/; classtype:trojan-activity;sid:83913243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050142/; classtype:trojan-activity;sid:83913242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.204.126.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050141/; classtype:trojan-activity;sid:83913241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.162.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050140/; classtype:trojan-activity;sid:83913240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.129.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050139/; classtype:trojan-activity;sid:83913239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.199.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050138/; classtype:trojan-activity;sid:83913238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.108.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050137/; classtype:trojan-activity;sid:83913237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.202.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050136/; classtype:trojan-activity;sid:83913236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.81.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050135/; classtype:trojan-activity;sid:83913235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.182.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050134/; classtype:trojan-activity;sid:83913234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.120.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050133/; classtype:trojan-activity;sid:83913233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.243.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050132/; classtype:trojan-activity;sid:83913232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.119.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050131/; classtype:trojan-activity;sid:83913231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050130/; classtype:trojan-activity;sid:83913230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050129/; classtype:trojan-activity;sid:83913229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.117.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050128/; classtype:trojan-activity;sid:83913228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.121.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050126/; classtype:trojan-activity;sid:83913226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.90.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050127/; classtype:trojan-activity;sid:83913227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.196.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050125/; classtype:trojan-activity;sid:83913225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050124/; classtype:trojan-activity;sid:83913224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.1.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050123/; classtype:trojan-activity;sid:83913223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.118.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050122/; classtype:trojan-activity;sid:83913222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.169.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050121/; classtype:trojan-activity;sid:83913221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.236.58.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050120/; classtype:trojan-activity;sid:83913220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.20.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050118/; classtype:trojan-activity;sid:83913218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050119/; classtype:trojan-activity;sid:83913219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050117/; classtype:trojan-activity;sid:83913217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.79.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050116/; classtype:trojan-activity;sid:83913216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.35.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050115/; classtype:trojan-activity;sid:83913215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050114/; classtype:trojan-activity;sid:83913214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.119.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050112/; classtype:trojan-activity;sid:83913212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.199.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050113/; classtype:trojan-activity;sid:83913213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050111/; classtype:trojan-activity;sid:83913211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.22.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050109/; classtype:trojan-activity;sid:83913209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.174.202.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050110/; classtype:trojan-activity;sid:83913210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.205.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050108/; classtype:trojan-activity;sid:83913208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.18.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050107/; classtype:trojan-activity;sid:83913207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.129.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050106/; classtype:trojan-activity;sid:83913206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.74.18.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050105/; classtype:trojan-activity;sid:83913205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.117.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050103/; classtype:trojan-activity;sid:83913203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.232.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050104/; classtype:trojan-activity;sid:83913204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.95.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050102/; classtype:trojan-activity;sid:83913202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.162.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050101/; classtype:trojan-activity;sid:83913201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.241.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050099/; classtype:trojan-activity;sid:83913199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050100/; classtype:trojan-activity;sid:83913200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.250.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050098/; classtype:trojan-activity;sid:83913198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.68.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050097/; classtype:trojan-activity;sid:83913197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.93.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050096/; classtype:trojan-activity;sid:83913196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.35.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050093/; classtype:trojan-activity;sid:83913193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050094/; classtype:trojan-activity;sid:83913194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.58.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050095/; classtype:trojan-activity;sid:83913195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.244.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050092/; classtype:trojan-activity;sid:83913192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.58.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050090/; classtype:trojan-activity;sid:83913190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050091/; classtype:trojan-activity;sid:83913191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.141.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050088/; classtype:trojan-activity;sid:83913188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.54.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050089/; classtype:trojan-activity;sid:83913189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050087/; classtype:trojan-activity;sid:83913187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.175.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050086/; classtype:trojan-activity;sid:83913186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.79.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050085/; classtype:trojan-activity;sid:83913185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.1.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050084/; classtype:trojan-activity;sid:83913184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.44.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050083/; classtype:trojan-activity;sid:83913183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.4.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050082/; classtype:trojan-activity;sid:83913182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.229.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050081/; classtype:trojan-activity;sid:83913181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050079/; classtype:trojan-activity;sid:83913179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.128.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050080/; classtype:trojan-activity;sid:83913180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.217.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050078/; classtype:trojan-activity;sid:83913178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.66.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050077/; classtype:trojan-activity;sid:83913177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.163.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050076/; classtype:trojan-activity;sid:83913176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050075/; classtype:trojan-activity;sid:83913175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.25.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050074/; classtype:trojan-activity;sid:83913174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050073/; classtype:trojan-activity;sid:83913173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.189.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050072/; classtype:trojan-activity;sid:83913172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.252.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050071/; classtype:trojan-activity;sid:83913171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050070/; classtype:trojan-activity;sid:83913170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.214.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050069/; classtype:trojan-activity;sid:83913169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.119.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050068/; classtype:trojan-activity;sid:83913168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.18.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050066/; classtype:trojan-activity;sid:83913166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050067/; classtype:trojan-activity;sid:83913167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050065/; classtype:trojan-activity;sid:83913165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.18.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050064/; classtype:trojan-activity;sid:83913164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.26.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050063/; classtype:trojan-activity;sid:83913163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050062/; classtype:trojan-activity;sid:83913162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050061/; classtype:trojan-activity;sid:83913161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.175.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050060/; classtype:trojan-activity;sid:83913160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.19.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050059/; classtype:trojan-activity;sid:83913159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.0.121.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050058/; classtype:trojan-activity;sid:83913158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.220.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050057/; classtype:trojan-activity;sid:83913157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.241.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050056/; classtype:trojan-activity;sid:83913156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.122.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050055/; classtype:trojan-activity;sid:83913155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.57.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050054/; classtype:trojan-activity;sid:83913154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.230.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050053/; classtype:trojan-activity;sid:83913153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.93.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050051/; classtype:trojan-activity;sid:83913151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.254.103.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050052/; classtype:trojan-activity;sid:83913152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050050/; classtype:trojan-activity;sid:83913150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.192.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050049/; classtype:trojan-activity;sid:83913149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.117.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050048/; classtype:trojan-activity;sid:83913148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.206.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050047/; classtype:trojan-activity;sid:83913147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.175.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050046/; classtype:trojan-activity;sid:83913146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.229.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050044/; classtype:trojan-activity;sid:83913144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.54.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050045/; classtype:trojan-activity;sid:83913145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.110.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050043/; classtype:trojan-activity;sid:83913143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.235.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050042/; classtype:trojan-activity;sid:83913142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050041/; classtype:trojan-activity;sid:83913141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.114.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050040/; classtype:trojan-activity;sid:83913140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050039/; classtype:trojan-activity;sid:83913139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.156.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050038/; classtype:trojan-activity;sid:83913138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.252.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050037/; classtype:trojan-activity;sid:83913137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.89.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050036/; classtype:trojan-activity;sid:83913136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.202.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050035/; classtype:trojan-activity;sid:83913135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.180.159.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050034/; classtype:trojan-activity;sid:83913134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050033/; classtype:trojan-activity;sid:83913133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050032/; classtype:trojan-activity;sid:83913132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.0.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050031/; classtype:trojan-activity;sid:83913131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.51.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050030/; classtype:trojan-activity;sid:83913130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.112.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050029/; classtype:trojan-activity;sid:83913129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.236.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050027/; classtype:trojan-activity;sid:83913127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.175.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050028/; classtype:trojan-activity;sid:83913128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.126.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050026/; classtype:trojan-activity;sid:83913126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.19.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050025/; classtype:trojan-activity;sid:83913125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.222.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050024/; classtype:trojan-activity;sid:83913124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.126.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050023/; classtype:trojan-activity;sid:83913123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.193.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050021/; classtype:trojan-activity;sid:83913121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.230.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050022/; classtype:trojan-activity;sid:83913122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.122.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050020/; classtype:trojan-activity;sid:83913120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.42.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050019/; classtype:trojan-activity;sid:83913119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.220.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050018/; classtype:trojan-activity;sid:83913118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050017)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.70.37.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050017/; classtype:trojan-activity;sid:83913117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050016/; classtype:trojan-activity;sid:83913116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.235.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050012/; classtype:trojan-activity;sid:83913112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050013/; classtype:trojan-activity;sid:83913113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.119.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050014/; classtype:trojan-activity;sid:83913114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.12.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050015/; classtype:trojan-activity;sid:83913115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.240.47.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050011/; classtype:trojan-activity;sid:83913111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.113.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050010/; classtype:trojan-activity;sid:83913110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.141.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050009/; classtype:trojan-activity;sid:83913109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050007/; classtype:trojan-activity;sid:83913107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050008/; classtype:trojan-activity;sid:83913108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.101.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050006/; classtype:trojan-activity;sid:83913106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.193.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050005/; classtype:trojan-activity;sid:83913105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.89.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050004/; classtype:trojan-activity;sid:83913104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.56.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050003/; classtype:trojan-activity;sid:83913103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.133.213.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050002/; classtype:trojan-activity;sid:83913102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050001/; classtype:trojan-activity;sid:83913101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3050000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.161.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3050000/; classtype:trojan-activity;sid:83913100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.159.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049998/; classtype:trojan-activity;sid:83913098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.112.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049999/; classtype:trojan-activity;sid:83913099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.248.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049997/; classtype:trojan-activity;sid:83913097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.108.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049995/; classtype:trojan-activity;sid:83913095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.171.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049996/; classtype:trojan-activity;sid:83913096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.121.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049994/; classtype:trojan-activity;sid:83913094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.155.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049992/; classtype:trojan-activity;sid:83913092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.172.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049993/; classtype:trojan-activity;sid:83913093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.126.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049991/; classtype:trojan-activity;sid:83913091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.126.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049990/; classtype:trojan-activity;sid:83913090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.119.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049989/; classtype:trojan-activity;sid:83913089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.228.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049988/; classtype:trojan-activity;sid:83913088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049987/; classtype:trojan-activity;sid:83913087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049986/; classtype:trojan-activity;sid:83913086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.10.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049985/; classtype:trojan-activity;sid:83913085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.101.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049984/; classtype:trojan-activity;sid:83913084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.230.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049983/; classtype:trojan-activity;sid:83913083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.56.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049982/; classtype:trojan-activity;sid:83913082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.28.44.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049981/; classtype:trojan-activity;sid:83913081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.161.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049980/; classtype:trojan-activity;sid:83913080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049979/; classtype:trojan-activity;sid:83913079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.217.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049978/; classtype:trojan-activity;sid:83913078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.120.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049977/; classtype:trojan-activity;sid:83913077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.44.107.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049976/; classtype:trojan-activity;sid:83913076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049975/; classtype:trojan-activity;sid:83913075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049974/; classtype:trojan-activity;sid:83913074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.182.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049973/; classtype:trojan-activity;sid:83913073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.57.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049972/; classtype:trojan-activity;sid:83913072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049971/; classtype:trojan-activity;sid:83913071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.36.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049970/; classtype:trojan-activity;sid:83913070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.119.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049969/; classtype:trojan-activity;sid:83913069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049967/; classtype:trojan-activity;sid:83913067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049968/; classtype:trojan-activity;sid:83913068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.152.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049966/; classtype:trojan-activity;sid:83913066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.224.75.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049965/; classtype:trojan-activity;sid:83913065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.94.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049964/; classtype:trojan-activity;sid:83913064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.40.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049962/; classtype:trojan-activity;sid:83913062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.204.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049963/; classtype:trojan-activity;sid:83913063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.189.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049961/; classtype:trojan-activity;sid:83913061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.168.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049960/; classtype:trojan-activity;sid:83913060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.37.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049959/; classtype:trojan-activity;sid:83913059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.1.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049958/; classtype:trojan-activity;sid:83913058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.226.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049957/; classtype:trojan-activity;sid:83913057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.15.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049956/; classtype:trojan-activity;sid:83913056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.147.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049954/; classtype:trojan-activity;sid:83913054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.100.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049955/; classtype:trojan-activity;sid:83913055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.104.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049953/; classtype:trojan-activity;sid:83913053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049952/; classtype:trojan-activity;sid:83913052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.90.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049951/; classtype:trojan-activity;sid:83913051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.130.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049950/; classtype:trojan-activity;sid:83913050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.250.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049949/; classtype:trojan-activity;sid:83913049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.209.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049947/; classtype:trojan-activity;sid:83913047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.141.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049948/; classtype:trojan-activity;sid:83913048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049944/; classtype:trojan-activity;sid:83913044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.11.101.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049945/; classtype:trojan-activity;sid:83913045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.166.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049946/; classtype:trojan-activity;sid:83913046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.37.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049943/; classtype:trojan-activity;sid:83913043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049942/; classtype:trojan-activity;sid:83913042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.41.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049941/; classtype:trojan-activity;sid:83913041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.9.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049939/; classtype:trojan-activity;sid:83913039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.32.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049940/; classtype:trojan-activity;sid:83913040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.169.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049938/; classtype:trojan-activity;sid:83913038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.36.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049937/; classtype:trojan-activity;sid:83913037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049936/; classtype:trojan-activity;sid:83913036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049935/; classtype:trojan-activity;sid:83913035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.152.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049934/; classtype:trojan-activity;sid:83913034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.154.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049933/; classtype:trojan-activity;sid:83913033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.214.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049932/; classtype:trojan-activity;sid:83913032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.94.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049931/; classtype:trojan-activity;sid:83913031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.130.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049930/; classtype:trojan-activity;sid:83913030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.76.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049929/; classtype:trojan-activity;sid:83913029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.115.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049928/; classtype:trojan-activity;sid:83913028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.175.250.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049927/; classtype:trojan-activity;sid:83913027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049926/; classtype:trojan-activity;sid:83913026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.145.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049925/; classtype:trojan-activity;sid:83913025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.144.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049924/; classtype:trojan-activity;sid:83913024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.99.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049923/; classtype:trojan-activity;sid:83913023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.80.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049922/; classtype:trojan-activity;sid:83913022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.95.126.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049921/; classtype:trojan-activity;sid:83913021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049920/; classtype:trojan-activity;sid:83913020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049919/; classtype:trojan-activity;sid:83913019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.19.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049918/; classtype:trojan-activity;sid:83913018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.161.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049917/; classtype:trojan-activity;sid:83913017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.92.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049916/; classtype:trojan-activity;sid:83913016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.219.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_18; reference:url, urlhaus.abuse.ch/url/3049915/; classtype:trojan-activity;sid:83913015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.61.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049914/; classtype:trojan-activity;sid:83913014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.147.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049912/; classtype:trojan-activity;sid:83913012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049913/; classtype:trojan-activity;sid:83913013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.235.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049911/; classtype:trojan-activity;sid:83913011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049909/; classtype:trojan-activity;sid:83913009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.141.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049910/; classtype:trojan-activity;sid:83913010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.203.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049908/; classtype:trojan-activity;sid:83913008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.249.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049905/; classtype:trojan-activity;sid:83913005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.22.177.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049906/; classtype:trojan-activity;sid:83913006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049907/; classtype:trojan-activity;sid:83913007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.251.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049904/; classtype:trojan-activity;sid:83913004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.10.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049903/; classtype:trojan-activity;sid:83913003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.130.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049901/; classtype:trojan-activity;sid:83913001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.105.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049902/; classtype:trojan-activity;sid:83913002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.184.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049900/; classtype:trojan-activity;sid:83913000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.197.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049899/; classtype:trojan-activity;sid:83912999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.173.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049898/; classtype:trojan-activity;sid:83912998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049897/; classtype:trojan-activity;sid:83912997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.226.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049896/; classtype:trojan-activity;sid:83912996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.42.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049895/; classtype:trojan-activity;sid:83912995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049894/; classtype:trojan-activity;sid:83912994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.156.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049891/; classtype:trojan-activity;sid:83912991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.214.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049892/; classtype:trojan-activity;sid:83912992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.246.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049893/; classtype:trojan-activity;sid:83912993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.14.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049890/; classtype:trojan-activity;sid:83912990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.206.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049889/; classtype:trojan-activity;sid:83912989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.240.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049888/; classtype:trojan-activity;sid:83912988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049887/; classtype:trojan-activity;sid:83912987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.40.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049886/; classtype:trojan-activity;sid:83912986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049885/; classtype:trojan-activity;sid:83912985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049884/; classtype:trojan-activity;sid:83912984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.214.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049883/; classtype:trojan-activity;sid:83912983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049882/; classtype:trojan-activity;sid:83912982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.170.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049879/; classtype:trojan-activity;sid:83912979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.125.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049880/; classtype:trojan-activity;sid:83912980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.203.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049881/; classtype:trojan-activity;sid:83912981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.54.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049878/; classtype:trojan-activity;sid:83912978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.45.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049877/; classtype:trojan-activity;sid:83912977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.88.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049876/; classtype:trojan-activity;sid:83912976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049874/; classtype:trojan-activity;sid:83912974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.215.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049875/; classtype:trojan-activity;sid:83912975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049873/; classtype:trojan-activity;sid:83912973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.184.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049872/; classtype:trojan-activity;sid:83912972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.10.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049871/; classtype:trojan-activity;sid:83912971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.40.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049870/; classtype:trojan-activity;sid:83912970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.88.55.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049869/; classtype:trojan-activity;sid:83912969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.178.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049868/; classtype:trojan-activity;sid:83912968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.42.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049867/; classtype:trojan-activity;sid:83912967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.160.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049866/; classtype:trojan-activity;sid:83912966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.127.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049865/; classtype:trojan-activity;sid:83912965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049864/; classtype:trojan-activity;sid:83912964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.167.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049863/; classtype:trojan-activity;sid:83912963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.124.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049862/; classtype:trojan-activity;sid:83912962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.173.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049860/; classtype:trojan-activity;sid:83912960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.215.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049861/; classtype:trojan-activity;sid:83912961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.214.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049859/; classtype:trojan-activity;sid:83912959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.245.152.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049858/; classtype:trojan-activity;sid:83912958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.54.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049856/; classtype:trojan-activity;sid:83912956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.170.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049857/; classtype:trojan-activity;sid:83912957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049855/; classtype:trojan-activity;sid:83912955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.125.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049853/; classtype:trojan-activity;sid:83912953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.65.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049854/; classtype:trojan-activity;sid:83912954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049852/; classtype:trojan-activity;sid:83912952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.126.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049851/; classtype:trojan-activity;sid:83912951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.6.134.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049850/; classtype:trojan-activity;sid:83912950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.241.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049849/; classtype:trojan-activity;sid:83912949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.55.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049848/; classtype:trojan-activity;sid:83912948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.31.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049847/; classtype:trojan-activity;sid:83912947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.211.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049846/; classtype:trojan-activity;sid:83912946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.35.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049845/; classtype:trojan-activity;sid:83912945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049844/; classtype:trojan-activity;sid:83912944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049843/; classtype:trojan-activity;sid:83912943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.255.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049841/; classtype:trojan-activity;sid:83912941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.96.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049842/; classtype:trojan-activity;sid:83912942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.224.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049840/; classtype:trojan-activity;sid:83912940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.104.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049839/; classtype:trojan-activity;sid:83912939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049838/; classtype:trojan-activity;sid:83912938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.238.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049837/; classtype:trojan-activity;sid:83912937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049836/; classtype:trojan-activity;sid:83912936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.36.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049835/; classtype:trojan-activity;sid:83912935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049831/; classtype:trojan-activity;sid:83912931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049832/; classtype:trojan-activity;sid:83912932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.163.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049833/; classtype:trojan-activity;sid:83912933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.129.213.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049834/; classtype:trojan-activity;sid:83912934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049830/; classtype:trojan-activity;sid:83912930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049828/; classtype:trojan-activity;sid:83912928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.30.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049829/; classtype:trojan-activity;sid:83912929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.86.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049827/; classtype:trojan-activity;sid:83912927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.179.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049825/; classtype:trojan-activity;sid:83912925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.173.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049826/; classtype:trojan-activity;sid:83912926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.27.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049824/; classtype:trojan-activity;sid:83912924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049823/; classtype:trojan-activity;sid:83912923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.245.152.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049822/; classtype:trojan-activity;sid:83912922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.65.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049821/; classtype:trojan-activity;sid:83912921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.160.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049820/; classtype:trojan-activity;sid:83912920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.37.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049819/; classtype:trojan-activity;sid:83912919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.10.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049818/; classtype:trojan-activity;sid:83912918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049817/; classtype:trojan-activity;sid:83912917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.35.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049816/; classtype:trojan-activity;sid:83912916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049814/; classtype:trojan-activity;sid:83912914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.170.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049815/; classtype:trojan-activity;sid:83912915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.173.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049813/; classtype:trojan-activity;sid:83912913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.193.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049812/; classtype:trojan-activity;sid:83912912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.124.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049811/; classtype:trojan-activity;sid:83912911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.248.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049810/; classtype:trojan-activity;sid:83912910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049809/; classtype:trojan-activity;sid:83912909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049808/; classtype:trojan-activity;sid:83912908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.186.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049807/; classtype:trojan-activity;sid:83912907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.26.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049806/; classtype:trojan-activity;sid:83912906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049805/; classtype:trojan-activity;sid:83912905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049804/; classtype:trojan-activity;sid:83912904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.89.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049803/; classtype:trojan-activity;sid:83912903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.116.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049802/; classtype:trojan-activity;sid:83912902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.86.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049801/; classtype:trojan-activity;sid:83912901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.172.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049800/; classtype:trojan-activity;sid:83912900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.76.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049799/; classtype:trojan-activity;sid:83912899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049798/; classtype:trojan-activity;sid:83912898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049797/; classtype:trojan-activity;sid:83912897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.179.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049796/; classtype:trojan-activity;sid:83912896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.220.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049795/; classtype:trojan-activity;sid:83912895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.203.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049794/; classtype:trojan-activity;sid:83912894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.71.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049793/; classtype:trojan-activity;sid:83912893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.219.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049792/; classtype:trojan-activity;sid:83912892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.215.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049791/; classtype:trojan-activity;sid:83912891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.254.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049790/; classtype:trojan-activity;sid:83912890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.193.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049789/; classtype:trojan-activity;sid:83912889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.120.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049788/; classtype:trojan-activity;sid:83912888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.219.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049787/; classtype:trojan-activity;sid:83912887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.162.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049785/; classtype:trojan-activity;sid:83912885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049786/; classtype:trojan-activity;sid:83912886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.248.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049784/; classtype:trojan-activity;sid:83912884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.104.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049783/; classtype:trojan-activity;sid:83912883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.95.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049780/; classtype:trojan-activity;sid:83912880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.160.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049781/; classtype:trojan-activity;sid:83912881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049782/; classtype:trojan-activity;sid:83912882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.126.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049779/; classtype:trojan-activity;sid:83912879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.169.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049778/; classtype:trojan-activity;sid:83912878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049777/; classtype:trojan-activity;sid:83912877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.244.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049776/; classtype:trojan-activity;sid:83912876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049775)"; flow:established,from_client; content:"GET"; http_method; content:"/d.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"206.119.117.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049775/; classtype:trojan-activity;sid:83912875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049774)"; flow:established,from_client; content:"GET"; http_method; content:"/b.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"206.119.117.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049774/; classtype:trojan-activity;sid:83912874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.162.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049773/; classtype:trojan-activity;sid:83912873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.103.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049772/; classtype:trojan-activity;sid:83912872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.129.219.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049769/; classtype:trojan-activity;sid:83912869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049770/; classtype:trojan-activity;sid:83912870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049771)"; flow:established,from_client; content:"GET"; http_method; content:"/a.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"206.119.117.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049771/; classtype:trojan-activity;sid:83912871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.172.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049768/; classtype:trojan-activity;sid:83912868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049766)"; flow:established,from_client; content:"GET"; http_method; content:"/c.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"206.119.117.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049766/; classtype:trojan-activity;sid:83912866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049767)"; flow:established,from_client; content:"GET"; http_method; content:"/pepe.ai"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"206.119.117.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049767/; classtype:trojan-activity;sid:83912867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.225.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049765/; classtype:trojan-activity;sid:83912865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.37.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049764/; classtype:trojan-activity;sid:83912864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.177.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049762/; classtype:trojan-activity;sid:83912862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.203.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049763/; classtype:trojan-activity;sid:83912863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.33.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049761/; classtype:trojan-activity;sid:83912861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.43.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049760/; classtype:trojan-activity;sid:83912860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.179.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049759/; classtype:trojan-activity;sid:83912859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049758/; classtype:trojan-activity;sid:83912858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.172.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049757/; classtype:trojan-activity;sid:83912857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.148.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049756/; classtype:trojan-activity;sid:83912856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.95.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049755/; classtype:trojan-activity;sid:83912855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.47.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049754/; classtype:trojan-activity;sid:83912854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.43.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049753/; classtype:trojan-activity;sid:83912853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.177.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049752/; classtype:trojan-activity;sid:83912852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049751/; classtype:trojan-activity;sid:83912851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049750/; classtype:trojan-activity;sid:83912850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.172.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049749/; classtype:trojan-activity;sid:83912849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.126.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049748/; classtype:trojan-activity;sid:83912848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049747/; classtype:trojan-activity;sid:83912847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.225.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049746/; classtype:trojan-activity;sid:83912846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.208.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049745/; classtype:trojan-activity;sid:83912845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049744/; classtype:trojan-activity;sid:83912844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049743/; classtype:trojan-activity;sid:83912843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049742/; classtype:trojan-activity;sid:83912842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.51.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049741/; classtype:trojan-activity;sid:83912841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049740/; classtype:trojan-activity;sid:83912840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.174.12.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049738/; classtype:trojan-activity;sid:83912838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.43.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049739/; classtype:trojan-activity;sid:83912839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049736/; classtype:trojan-activity;sid:83912836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.74.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049737/; classtype:trojan-activity;sid:83912837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.99.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049735/; classtype:trojan-activity;sid:83912835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.54.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049734/; classtype:trojan-activity;sid:83912834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.181.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049733/; classtype:trojan-activity;sid:83912833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.203.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049732/; classtype:trojan-activity;sid:83912832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.160.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049731/; classtype:trojan-activity;sid:83912831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.22.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049730/; classtype:trojan-activity;sid:83912830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.179.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049729/; classtype:trojan-activity;sid:83912829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.37.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049728/; classtype:trojan-activity;sid:83912828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.85.153"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049727/; classtype:trojan-activity;sid:83912827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.209.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049725/; classtype:trojan-activity;sid:83912825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.33.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049726/; classtype:trojan-activity;sid:83912826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049724)"; flow:established,from_client; content:"GET"; http_method; content:"/orderreview"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vaj.parish.chuathuongxot.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049724/; classtype:trojan-activity;sid:83912824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.44.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049723/; classtype:trojan-activity;sid:83912823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.225.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049722/; classtype:trojan-activity;sid:83912822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.126.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049721/; classtype:trojan-activity;sid:83912821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.173"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049720/; classtype:trojan-activity;sid:83912820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.111.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049718/; classtype:trojan-activity;sid:83912818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.244.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049719/; classtype:trojan-activity;sid:83912819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.102.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049717/; classtype:trojan-activity;sid:83912817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.30.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049716/; classtype:trojan-activity;sid:83912816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.36.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049715/; classtype:trojan-activity;sid:83912815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049714/; classtype:trojan-activity;sid:83912814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.48.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049713/; classtype:trojan-activity;sid:83912813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.81.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049712/; classtype:trojan-activity;sid:83912812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.43.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049711/; classtype:trojan-activity;sid:83912811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.194.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049710/; classtype:trojan-activity;sid:83912810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.230.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049709/; classtype:trojan-activity;sid:83912809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.195.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049708/; classtype:trojan-activity;sid:83912808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.56.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049705/; classtype:trojan-activity;sid:83912805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.92.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049706/; classtype:trojan-activity;sid:83912806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.28.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049707/; classtype:trojan-activity;sid:83912807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049704/; classtype:trojan-activity;sid:83912804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049703/; classtype:trojan-activity;sid:83912803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.85.153"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049702/; classtype:trojan-activity;sid:83912802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.173"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049701/; classtype:trojan-activity;sid:83912801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.194.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049700/; classtype:trojan-activity;sid:83912800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.22.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049699/; classtype:trojan-activity;sid:83912799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.126.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049697/; classtype:trojan-activity;sid:83912797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049698/; classtype:trojan-activity;sid:83912798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.50.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049696/; classtype:trojan-activity;sid:83912796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.92.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049695/; classtype:trojan-activity;sid:83912795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.141.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049694/; classtype:trojan-activity;sid:83912794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049693/; classtype:trojan-activity;sid:83912793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.81.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049692/; classtype:trojan-activity;sid:83912792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.195.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049691/; classtype:trojan-activity;sid:83912791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.22.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049689/; classtype:trojan-activity;sid:83912789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049690/; classtype:trojan-activity;sid:83912790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.207.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049688/; classtype:trojan-activity;sid:83912788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.185.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049687/; classtype:trojan-activity;sid:83912787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.100.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049686/; classtype:trojan-activity;sid:83912786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.11.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049685/; classtype:trojan-activity;sid:83912785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.230.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049684/; classtype:trojan-activity;sid:83912784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.28.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049683/; classtype:trojan-activity;sid:83912783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.123.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049682/; classtype:trojan-activity;sid:83912782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.224.111.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049680/; classtype:trojan-activity;sid:83912780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.80.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049681/; classtype:trojan-activity;sid:83912781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049679/; classtype:trojan-activity;sid:83912779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.223.142.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049678/; classtype:trojan-activity;sid:83912778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049677/; classtype:trojan-activity;sid:83912777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.22.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049676/; classtype:trojan-activity;sid:83912776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049675/; classtype:trojan-activity;sid:83912775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.24.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049674/; classtype:trojan-activity;sid:83912774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.150.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049673/; classtype:trojan-activity;sid:83912773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.89.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049672/; classtype:trojan-activity;sid:83912772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.198.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049671/; classtype:trojan-activity;sid:83912771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049670/; classtype:trojan-activity;sid:83912770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.254.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049669/; classtype:trojan-activity;sid:83912769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049668)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/66979a57f071c_otraba.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049668/; classtype:trojan-activity;sid:83912768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049667/; classtype:trojan-activity;sid:83912767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.229.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049666/; classtype:trojan-activity;sid:83912766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.44.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049665/; classtype:trojan-activity;sid:83912765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049664/; classtype:trojan-activity;sid:83912764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049663/; classtype:trojan-activity;sid:83912763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.163.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049662/; classtype:trojan-activity;sid:83912762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.25.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049659/; classtype:trojan-activity;sid:83912759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.83.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049660/; classtype:trojan-activity;sid:83912760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049661/; classtype:trojan-activity;sid:83912761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.100.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049658/; classtype:trojan-activity;sid:83912758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.56.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049656/; classtype:trojan-activity;sid:83912756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.81.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049657/; classtype:trojan-activity;sid:83912757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.207.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049655/; classtype:trojan-activity;sid:83912755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.185.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049654/; classtype:trojan-activity;sid:83912754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.220.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049653/; classtype:trojan-activity;sid:83912753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.24.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049652/; classtype:trojan-activity;sid:83912752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.254.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049651/; classtype:trojan-activity;sid:83912751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.231.168.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049599/; classtype:trojan-activity;sid:83912699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.140.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049598/; classtype:trojan-activity;sid:83912698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.149.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049597/; classtype:trojan-activity;sid:83912697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.230.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049596/; classtype:trojan-activity;sid:83912696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.85.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049595/; classtype:trojan-activity;sid:83912695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049594/; classtype:trojan-activity;sid:83912694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.56.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049593/; classtype:trojan-activity;sid:83912693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.46.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049592/; classtype:trojan-activity;sid:83912692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.84.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049591/; classtype:trojan-activity;sid:83912691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.186.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049590/; classtype:trojan-activity;sid:83912690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.237.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049587/; classtype:trojan-activity;sid:83912687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.229.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049588/; classtype:trojan-activity;sid:83912688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.29.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049589/; classtype:trojan-activity;sid:83912689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.25.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049586/; classtype:trojan-activity;sid:83912686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.81.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049585/; classtype:trojan-activity;sid:83912685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.232.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049583/; classtype:trojan-activity;sid:83912683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049584/; classtype:trojan-activity;sid:83912684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049582/; classtype:trojan-activity;sid:83912682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.56.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049581/; classtype:trojan-activity;sid:83912681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.140.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049580/; classtype:trojan-activity;sid:83912680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049579/; classtype:trojan-activity;sid:83912679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.133.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049578/; classtype:trojan-activity;sid:83912678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.31.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049577/; classtype:trojan-activity;sid:83912677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.231.168.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049576/; classtype:trojan-activity;sid:83912676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.33.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049575/; classtype:trojan-activity;sid:83912675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.159.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049574/; classtype:trojan-activity;sid:83912674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.237.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049573/; classtype:trojan-activity;sid:83912673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.52.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049572/; classtype:trojan-activity;sid:83912672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.31.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049570/; classtype:trojan-activity;sid:83912670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049571/; classtype:trojan-activity;sid:83912671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.150.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049569/; classtype:trojan-activity;sid:83912669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.46.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049568/; classtype:trojan-activity;sid:83912668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.187.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049567/; classtype:trojan-activity;sid:83912667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049566/; classtype:trojan-activity;sid:83912666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.151.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049565/; classtype:trojan-activity;sid:83912665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.222.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049563/; classtype:trojan-activity;sid:83912663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.231.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049564/; classtype:trojan-activity;sid:83912664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049562)"; flow:established,from_client; content:"GET"; http_method; content:"/ujuax.iso"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vmi1886624.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049562/; classtype:trojan-activity;sid:83912662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049561)"; flow:established,from_client; content:"GET"; http_method; content:"/scar2.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vmi1886624.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049561/; classtype:trojan-activity;sid:83912661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049560/; classtype:trojan-activity;sid:83912660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.100.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049559/; classtype:trojan-activity;sid:83912659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.252.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049558/; classtype:trojan-activity;sid:83912658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.162.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049555/; classtype:trojan-activity;sid:83912655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049556)"; flow:established,from_client; content:"GET"; http_method; content:"/sc2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vmi1886624.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049556/; classtype:trojan-activity;sid:83912656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.84.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049557/; classtype:trojan-activity;sid:83912657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.169.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049554/; classtype:trojan-activity;sid:83912654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049553)"; flow:established,from_client; content:"GET"; http_method; content:"/sc2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"2.58.80.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049553/; classtype:trojan-activity;sid:83912653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049552)"; flow:established,from_client; content:"GET"; http_method; content:"/ujuax.iso"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.58.80.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049552/; classtype:trojan-activity;sid:83912652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049551)"; flow:established,from_client; content:"GET"; http_method; content:"/scar2.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.58.80.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049551/; classtype:trojan-activity;sid:83912651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.230.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049550/; classtype:trojan-activity;sid:83912650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.255.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049549/; classtype:trojan-activity;sid:83912649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.184.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049548/; classtype:trojan-activity;sid:83912648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.129.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049547/; classtype:trojan-activity;sid:83912647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.133.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049546/; classtype:trojan-activity;sid:83912646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.92.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049545/; classtype:trojan-activity;sid:83912645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.159.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049544/; classtype:trojan-activity;sid:83912644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049543)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1da5k7bzywtuvhcms8_xqy0nwlhnmiqaq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049543/; classtype:trojan-activity;sid:83912643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049542/; classtype:trojan-activity;sid:83912642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.54.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049541/; classtype:trojan-activity;sid:83912641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.216.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049540/; classtype:trojan-activity;sid:83912640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049539)"; flow:established,from_client; content:"GET"; http_method; content:"/base64newrdp.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.3.101.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049539/; classtype:trojan-activity;sid:83912639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.244.234.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049538/; classtype:trojan-activity;sid:83912638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.20.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049537/; classtype:trojan-activity;sid:83912637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049536)"; flow:established,from_client; content:"GET"; http_method; content:"/wdeigthseven.vbs"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.3.101.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049536/; classtype:trojan-activity;sid:83912636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.187.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049535/; classtype:trojan-activity;sid:83912635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.165.79.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049534/; classtype:trojan-activity;sid:83912634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049532/; classtype:trojan-activity;sid:83912632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.222.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049533/; classtype:trojan-activity;sid:83912633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.134.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049531/; classtype:trojan-activity;sid:83912631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.249.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049530/; classtype:trojan-activity;sid:83912630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.180.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049529/; classtype:trojan-activity;sid:83912629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.232.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049528/; classtype:trojan-activity;sid:83912628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.153.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049527/; classtype:trojan-activity;sid:83912627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.38.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049526/; classtype:trojan-activity;sid:83912626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.242.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049525/; classtype:trojan-activity;sid:83912625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.254.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049524/; classtype:trojan-activity;sid:83912624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.120.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049523/; classtype:trojan-activity;sid:83912623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.206.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049522/; classtype:trojan-activity;sid:83912622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049521)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=1da5k7bzywtuvhcms8_xqy0nwlhnmiqaq|7c|26|7c|export=download"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049521/; classtype:trojan-activity;sid:83912621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.244.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049520/; classtype:trojan-activity;sid:83912620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.113.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049519/; classtype:trojan-activity;sid:83912619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.26.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049518/; classtype:trojan-activity;sid:83912618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.239.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049517/; classtype:trojan-activity;sid:83912617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.52.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049516/; classtype:trojan-activity;sid:83912616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.124.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049515/; classtype:trojan-activity;sid:83912615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.98.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049513/; classtype:trojan-activity;sid:83912613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.113.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049514/; classtype:trojan-activity;sid:83912614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.11.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049512/; classtype:trojan-activity;sid:83912612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.44.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049510/; classtype:trojan-activity;sid:83912610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.90.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049511/; classtype:trojan-activity;sid:83912611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049506/; classtype:trojan-activity;sid:83912606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.174.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049507/; classtype:trojan-activity;sid:83912607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.7.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049508/; classtype:trojan-activity;sid:83912608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.229.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049509/; classtype:trojan-activity;sid:83912609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.141.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049505/; classtype:trojan-activity;sid:83912605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.196.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049504/; classtype:trojan-activity;sid:83912604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.247.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049503/; classtype:trojan-activity;sid:83912603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.213.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049502/; classtype:trojan-activity;sid:83912602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.134.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049501/; classtype:trojan-activity;sid:83912601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.176.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049500/; classtype:trojan-activity;sid:83912600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049499/; classtype:trojan-activity;sid:83912599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.193.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049498/; classtype:trojan-activity;sid:83912598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.231.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049497/; classtype:trojan-activity;sid:83912597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.249.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049496/; classtype:trojan-activity;sid:83912596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.173.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049495/; classtype:trojan-activity;sid:83912595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049494/; classtype:trojan-activity;sid:83912594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.151.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049493/; classtype:trojan-activity;sid:83912593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.130.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049492/; classtype:trojan-activity;sid:83912592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.32.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049491/; classtype:trojan-activity;sid:83912591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.162.215.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049490/; classtype:trojan-activity;sid:83912590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049489)"; flow:established,from_client; content:"GET"; http_method; content:"/luckysetup.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.203.4.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049489/; classtype:trojan-activity;sid:83912589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.241.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049486/; classtype:trojan-activity;sid:83912586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049487/; classtype:trojan-activity;sid:83912587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049488/; classtype:trojan-activity;sid:83912588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.78.103.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049480/; classtype:trojan-activity;sid:83912580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049481)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049481/; classtype:trojan-activity;sid:83912581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049482)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049482/; classtype:trojan-activity;sid:83912582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049483)"; flow:established,from_client; content:"GET"; http_method; content:"/ihttktngzmpw163.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"147.78.103.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049483/; classtype:trojan-activity;sid:83912583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049484)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049484/; classtype:trojan-activity;sid:83912584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049485)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.78.103.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049485/; classtype:trojan-activity;sid:83912585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049479/; classtype:trojan-activity;sid:83912579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049478/; classtype:trojan-activity;sid:83912578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049477/; classtype:trojan-activity;sid:83912577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049476/; classtype:trojan-activity;sid:83912576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049475/; classtype:trojan-activity;sid:83912575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049474/; classtype:trojan-activity;sid:83912574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.120.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049473/; classtype:trojan-activity;sid:83912573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.235.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049472/; classtype:trojan-activity;sid:83912572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.155.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049471/; classtype:trojan-activity;sid:83912571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.52.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049470/; classtype:trojan-activity;sid:83912570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049469/; classtype:trojan-activity;sid:83912569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049468/; classtype:trojan-activity;sid:83912568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.193.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049464/; classtype:trojan-activity;sid:83912564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049465/; classtype:trojan-activity;sid:83912565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.17.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049466/; classtype:trojan-activity;sid:83912566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.144.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049467/; classtype:trojan-activity;sid:83912567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.236.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049463/; classtype:trojan-activity;sid:83912563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.62.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049462/; classtype:trojan-activity;sid:83912562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.176.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049461/; classtype:trojan-activity;sid:83912561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.170.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049460/; classtype:trojan-activity;sid:83912560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.231.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049459/; classtype:trojan-activity;sid:83912559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.155.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049457/; classtype:trojan-activity;sid:83912557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.89.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049458/; classtype:trojan-activity;sid:83912558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.241.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049456/; classtype:trojan-activity;sid:83912556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.139.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049455/; classtype:trojan-activity;sid:83912555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.173.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049454/; classtype:trojan-activity;sid:83912554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.4.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049453/; classtype:trojan-activity;sid:83912553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.206.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049452/; classtype:trojan-activity;sid:83912552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049451/; classtype:trojan-activity;sid:83912551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049450/; classtype:trojan-activity;sid:83912550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.235.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049449/; classtype:trojan-activity;sid:83912549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.15.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049448/; classtype:trojan-activity;sid:83912548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049447/; classtype:trojan-activity;sid:83912547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.129.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049446/; classtype:trojan-activity;sid:83912546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.40.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049445/; classtype:trojan-activity;sid:83912545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.89.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049444/; classtype:trojan-activity;sid:83912544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049443/; classtype:trojan-activity;sid:83912543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049442/; classtype:trojan-activity;sid:83912542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049441/; classtype:trojan-activity;sid:83912541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.58.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049440/; classtype:trojan-activity;sid:83912540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049439/; classtype:trojan-activity;sid:83912539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.7.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049438/; classtype:trojan-activity;sid:83912538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.182.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049437/; classtype:trojan-activity;sid:83912537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049436/; classtype:trojan-activity;sid:83912536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.0.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049435/; classtype:trojan-activity;sid:83912535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.165.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049434/; classtype:trojan-activity;sid:83912534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049433/; classtype:trojan-activity;sid:83912533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.133.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049432/; classtype:trojan-activity;sid:83912532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.112.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049431/; classtype:trojan-activity;sid:83912531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.8.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049430/; classtype:trojan-activity;sid:83912530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.82.191.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049429/; classtype:trojan-activity;sid:83912529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.79.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049428/; classtype:trojan-activity;sid:83912528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.4.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049427/; classtype:trojan-activity;sid:83912527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.95.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049426/; classtype:trojan-activity;sid:83912526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.124.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049425/; classtype:trojan-activity;sid:83912525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.190.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049423/; classtype:trojan-activity;sid:83912523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.252.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049424/; classtype:trojan-activity;sid:83912524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049395)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049395/; classtype:trojan-activity;sid:83912495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049396)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049396/; classtype:trojan-activity;sid:83912496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049397)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049397/; classtype:trojan-activity;sid:83912497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049398)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049398/; classtype:trojan-activity;sid:83912498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049399)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049399/; classtype:trojan-activity;sid:83912499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049400)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049400/; classtype:trojan-activity;sid:83912500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049401)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049401/; classtype:trojan-activity;sid:83912501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049402)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049402/; classtype:trojan-activity;sid:83912502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049403)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049403/; classtype:trojan-activity;sid:83912503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049404)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049404/; classtype:trojan-activity;sid:83912504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049405)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049405/; classtype:trojan-activity;sid:83912505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049406)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049406/; classtype:trojan-activity;sid:83912506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049407)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049407/; classtype:trojan-activity;sid:83912507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049408)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049408/; classtype:trojan-activity;sid:83912508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049409)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049409/; classtype:trojan-activity;sid:83912509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049410)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049410/; classtype:trojan-activity;sid:83912510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049411)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049411/; classtype:trojan-activity;sid:83912511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049412)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049412/; classtype:trojan-activity;sid:83912512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049413)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049413/; classtype:trojan-activity;sid:83912513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049414)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049414/; classtype:trojan-activity;sid:83912514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049415)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049415/; classtype:trojan-activity;sid:83912515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049416)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049416/; classtype:trojan-activity;sid:83912516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049417)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049417/; classtype:trojan-activity;sid:83912517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049418)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049418/; classtype:trojan-activity;sid:83912518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049419)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049419/; classtype:trojan-activity;sid:83912519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049420)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049420/; classtype:trojan-activity;sid:83912520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049421)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049421/; classtype:trojan-activity;sid:83912521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049422)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049422/; classtype:trojan-activity;sid:83912522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049394)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049394/; classtype:trojan-activity;sid:83912494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049391)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049391/; classtype:trojan-activity;sid:83912491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049392)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049392/; classtype:trojan-activity;sid:83912492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049393)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049393/; classtype:trojan-activity;sid:83912493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049357)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049357/; classtype:trojan-activity;sid:83912457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049358)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049358/; classtype:trojan-activity;sid:83912458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049359)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049359/; classtype:trojan-activity;sid:83912459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049360)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049360/; classtype:trojan-activity;sid:83912460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049361)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049361/; classtype:trojan-activity;sid:83912461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049362)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049362/; classtype:trojan-activity;sid:83912462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049363)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049363/; classtype:trojan-activity;sid:83912463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049364)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049364/; classtype:trojan-activity;sid:83912464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049365)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049365/; classtype:trojan-activity;sid:83912465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049366)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049366/; classtype:trojan-activity;sid:83912466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049367)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049367/; classtype:trojan-activity;sid:83912467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049368)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049368/; classtype:trojan-activity;sid:83912468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049369)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049369/; classtype:trojan-activity;sid:83912469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049370)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049370/; classtype:trojan-activity;sid:83912470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049371)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049371/; classtype:trojan-activity;sid:83912471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049372)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049372/; classtype:trojan-activity;sid:83912472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049373)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049373/; classtype:trojan-activity;sid:83912473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049374)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049374/; classtype:trojan-activity;sid:83912474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049375)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049375/; classtype:trojan-activity;sid:83912475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049376)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049376/; classtype:trojan-activity;sid:83912476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049377)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049377/; classtype:trojan-activity;sid:83912477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049378)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049378/; classtype:trojan-activity;sid:83912478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049379)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049379/; classtype:trojan-activity;sid:83912479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049380)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049380/; classtype:trojan-activity;sid:83912480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049381)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049381/; classtype:trojan-activity;sid:83912481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049382)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049382/; classtype:trojan-activity;sid:83912482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049383)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049383/; classtype:trojan-activity;sid:83912483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049384)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049384/; classtype:trojan-activity;sid:83912484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049385)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049385/; classtype:trojan-activity;sid:83912485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049386)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049386/; classtype:trojan-activity;sid:83912486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049387)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049387/; classtype:trojan-activity;sid:83912487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049388)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049388/; classtype:trojan-activity;sid:83912488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049389)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049389/; classtype:trojan-activity;sid:83912489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049390)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049390/; classtype:trojan-activity;sid:83912490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049352)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049352/; classtype:trojan-activity;sid:83912452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049353)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049353/; classtype:trojan-activity;sid:83912453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049354)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049354/; classtype:trojan-activity;sid:83912454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049355)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049355/; classtype:trojan-activity;sid:83912455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049356)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049356/; classtype:trojan-activity;sid:83912456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049312)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049312/; classtype:trojan-activity;sid:83912412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049313)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049313/; classtype:trojan-activity;sid:83912413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049314)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049314/; classtype:trojan-activity;sid:83912414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049315)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049315/; classtype:trojan-activity;sid:83912415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049316)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049316/; classtype:trojan-activity;sid:83912416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049317)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049317/; classtype:trojan-activity;sid:83912417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049318)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049318/; classtype:trojan-activity;sid:83912418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049319)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049319/; classtype:trojan-activity;sid:83912419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049320)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049320/; classtype:trojan-activity;sid:83912420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049321)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049321/; classtype:trojan-activity;sid:83912421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049322)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049322/; classtype:trojan-activity;sid:83912422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049323)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049323/; classtype:trojan-activity;sid:83912423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049324)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049324/; classtype:trojan-activity;sid:83912424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049325)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049325/; classtype:trojan-activity;sid:83912425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049326)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049326/; classtype:trojan-activity;sid:83912426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049327)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049327/; classtype:trojan-activity;sid:83912427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049328)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049328/; classtype:trojan-activity;sid:83912428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049329)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049329/; classtype:trojan-activity;sid:83912429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049330)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049330/; classtype:trojan-activity;sid:83912430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049331)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049331/; classtype:trojan-activity;sid:83912431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049332)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049332/; classtype:trojan-activity;sid:83912432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049333)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049333/; classtype:trojan-activity;sid:83912433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049334)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049334/; classtype:trojan-activity;sid:83912434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049335)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049335/; classtype:trojan-activity;sid:83912435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049336)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049336/; classtype:trojan-activity;sid:83912436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049337)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049337/; classtype:trojan-activity;sid:83912437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049338)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049338/; classtype:trojan-activity;sid:83912438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049339)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049339/; classtype:trojan-activity;sid:83912439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049340)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049340/; classtype:trojan-activity;sid:83912440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049341)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049341/; classtype:trojan-activity;sid:83912441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049342)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049342/; classtype:trojan-activity;sid:83912442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049343)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049343/; classtype:trojan-activity;sid:83912443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049344)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049344/; classtype:trojan-activity;sid:83912444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049345)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049345/; classtype:trojan-activity;sid:83912445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049346)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049346/; classtype:trojan-activity;sid:83912446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049347)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049347/; classtype:trojan-activity;sid:83912447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049348)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049348/; classtype:trojan-activity;sid:83912448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049349)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049349/; classtype:trojan-activity;sid:83912449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049350)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049350/; classtype:trojan-activity;sid:83912450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049351)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049351/; classtype:trojan-activity;sid:83912451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049297)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049297/; classtype:trojan-activity;sid:83912397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049298)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049298/; classtype:trojan-activity;sid:83912398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049299)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049299/; classtype:trojan-activity;sid:83912399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049300)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049300/; classtype:trojan-activity;sid:83912400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049301)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049301/; classtype:trojan-activity;sid:83912401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049302)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049302/; classtype:trojan-activity;sid:83912402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049303)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049303/; classtype:trojan-activity;sid:83912403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049304)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049304/; classtype:trojan-activity;sid:83912404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049305)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049305/; classtype:trojan-activity;sid:83912405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049306)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049306/; classtype:trojan-activity;sid:83912406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049307)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049307/; classtype:trojan-activity;sid:83912407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049308)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049308/; classtype:trojan-activity;sid:83912408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049309)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049309/; classtype:trojan-activity;sid:83912409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049310)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049310/; classtype:trojan-activity;sid:83912410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049311)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049311/; classtype:trojan-activity;sid:83912411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049284)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049284/; classtype:trojan-activity;sid:83912384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049285)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049285/; classtype:trojan-activity;sid:83912385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049286)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049286/; classtype:trojan-activity;sid:83912386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049287)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049287/; classtype:trojan-activity;sid:83912387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049288)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049288/; classtype:trojan-activity;sid:83912388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049289)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049289/; classtype:trojan-activity;sid:83912389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049290)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049290/; classtype:trojan-activity;sid:83912390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049291)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049291/; classtype:trojan-activity;sid:83912391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049292)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049292/; classtype:trojan-activity;sid:83912392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049293)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049293/; classtype:trojan-activity;sid:83912393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049294)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049294/; classtype:trojan-activity;sid:83912394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049295)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049295/; classtype:trojan-activity;sid:83912395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049296)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049296/; classtype:trojan-activity;sid:83912396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049259)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049259/; classtype:trojan-activity;sid:83912359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049260)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049260/; classtype:trojan-activity;sid:83912360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049261)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049261/; classtype:trojan-activity;sid:83912361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049262)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049262/; classtype:trojan-activity;sid:83912362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049263)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049263/; classtype:trojan-activity;sid:83912363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049264)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049264/; classtype:trojan-activity;sid:83912364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049265)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049265/; classtype:trojan-activity;sid:83912365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049266)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049266/; classtype:trojan-activity;sid:83912366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049267)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049267/; classtype:trojan-activity;sid:83912367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049268)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049268/; classtype:trojan-activity;sid:83912368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049269)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049269/; classtype:trojan-activity;sid:83912369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049270)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049270/; classtype:trojan-activity;sid:83912370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049271)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049271/; classtype:trojan-activity;sid:83912371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049272)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049272/; classtype:trojan-activity;sid:83912372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049273)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049273/; classtype:trojan-activity;sid:83912373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049274)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049274/; classtype:trojan-activity;sid:83912374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049275)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049275/; classtype:trojan-activity;sid:83912375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049276)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049276/; classtype:trojan-activity;sid:83912376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049277)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049277/; classtype:trojan-activity;sid:83912377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049278)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049278/; classtype:trojan-activity;sid:83912378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049279)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049279/; classtype:trojan-activity;sid:83912379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049280)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049280/; classtype:trojan-activity;sid:83912380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049281)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049281/; classtype:trojan-activity;sid:83912381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049282)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049282/; classtype:trojan-activity;sid:83912382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049283)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049283/; classtype:trojan-activity;sid:83912383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049241)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049241/; classtype:trojan-activity;sid:83912341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049242)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049242/; classtype:trojan-activity;sid:83912342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049243)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049243/; classtype:trojan-activity;sid:83912343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049244)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049244/; classtype:trojan-activity;sid:83912344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049245)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049245/; classtype:trojan-activity;sid:83912345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049246)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049246/; classtype:trojan-activity;sid:83912346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049247)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049247/; classtype:trojan-activity;sid:83912347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049248)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049248/; classtype:trojan-activity;sid:83912348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049249)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049249/; classtype:trojan-activity;sid:83912349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049250)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049250/; classtype:trojan-activity;sid:83912350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049251)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049251/; classtype:trojan-activity;sid:83912351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049252)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049252/; classtype:trojan-activity;sid:83912352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049253)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049253/; classtype:trojan-activity;sid:83912353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049254)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049254/; classtype:trojan-activity;sid:83912354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049255)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049255/; classtype:trojan-activity;sid:83912355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049256)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049256/; classtype:trojan-activity;sid:83912356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049257)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049257/; classtype:trojan-activity;sid:83912357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049258)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049258/; classtype:trojan-activity;sid:83912358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049212)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049212/; classtype:trojan-activity;sid:83912312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049213)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049213/; classtype:trojan-activity;sid:83912313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049214)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049214/; classtype:trojan-activity;sid:83912314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049215)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049215/; classtype:trojan-activity;sid:83912315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049216)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049216/; classtype:trojan-activity;sid:83912316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049217)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049217/; classtype:trojan-activity;sid:83912317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049218)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049218/; classtype:trojan-activity;sid:83912318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049219)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049219/; classtype:trojan-activity;sid:83912319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049220)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049220/; classtype:trojan-activity;sid:83912320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049221)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049221/; classtype:trojan-activity;sid:83912321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049222)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049222/; classtype:trojan-activity;sid:83912322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049223)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049223/; classtype:trojan-activity;sid:83912323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049224)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049224/; classtype:trojan-activity;sid:83912324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049225)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049225/; classtype:trojan-activity;sid:83912325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049226)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049226/; classtype:trojan-activity;sid:83912326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049227)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049227/; classtype:trojan-activity;sid:83912327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049228)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049228/; classtype:trojan-activity;sid:83912328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049229)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049229/; classtype:trojan-activity;sid:83912329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049230)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049230/; classtype:trojan-activity;sid:83912330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049231)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049231/; classtype:trojan-activity;sid:83912331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049232)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049232/; classtype:trojan-activity;sid:83912332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049233)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049233/; classtype:trojan-activity;sid:83912333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049234)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049234/; classtype:trojan-activity;sid:83912334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049235)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049235/; classtype:trojan-activity;sid:83912335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049236)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049236/; classtype:trojan-activity;sid:83912336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049237)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049237/; classtype:trojan-activity;sid:83912337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049238)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049238/; classtype:trojan-activity;sid:83912338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049239)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049239/; classtype:trojan-activity;sid:83912339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049240)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049240/; classtype:trojan-activity;sid:83912340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049197)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049197/; classtype:trojan-activity;sid:83912297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049198)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049198/; classtype:trojan-activity;sid:83912298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049199)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049199/; classtype:trojan-activity;sid:83912299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049200)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049200/; classtype:trojan-activity;sid:83912300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049201)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049201/; classtype:trojan-activity;sid:83912301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049202)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049202/; classtype:trojan-activity;sid:83912302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049203)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049203/; classtype:trojan-activity;sid:83912303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049204)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049204/; classtype:trojan-activity;sid:83912304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049205)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049205/; classtype:trojan-activity;sid:83912305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049206)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049206/; classtype:trojan-activity;sid:83912306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049207)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049207/; classtype:trojan-activity;sid:83912307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049208)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049208/; classtype:trojan-activity;sid:83912308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049209)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049209/; classtype:trojan-activity;sid:83912309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049210)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049210/; classtype:trojan-activity;sid:83912310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049211)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049211/; classtype:trojan-activity;sid:83912311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049175)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049175/; classtype:trojan-activity;sid:83912275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049176)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049176/; classtype:trojan-activity;sid:83912276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049177)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049177/; classtype:trojan-activity;sid:83912277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049178)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049178/; classtype:trojan-activity;sid:83912278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049179)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049179/; classtype:trojan-activity;sid:83912279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049180)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049180/; classtype:trojan-activity;sid:83912280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049181)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049181/; classtype:trojan-activity;sid:83912281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049182)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049182/; classtype:trojan-activity;sid:83912282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049183)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049183/; classtype:trojan-activity;sid:83912283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049184)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049184/; classtype:trojan-activity;sid:83912284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049185)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049185/; classtype:trojan-activity;sid:83912285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049186)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049186/; classtype:trojan-activity;sid:83912286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049187)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049187/; classtype:trojan-activity;sid:83912287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049188)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049188/; classtype:trojan-activity;sid:83912288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049189)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049189/; classtype:trojan-activity;sid:83912289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049190)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049190/; classtype:trojan-activity;sid:83912290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049191)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049191/; classtype:trojan-activity;sid:83912291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049192)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049192/; classtype:trojan-activity;sid:83912292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049193)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049193/; classtype:trojan-activity;sid:83912293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049194)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049194/; classtype:trojan-activity;sid:83912294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049195)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049195/; classtype:trojan-activity;sid:83912295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049196)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049196/; classtype:trojan-activity;sid:83912296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049154)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049154/; classtype:trojan-activity;sid:83912254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049155)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049155/; classtype:trojan-activity;sid:83912255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049156)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049156/; classtype:trojan-activity;sid:83912256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049157)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049157/; classtype:trojan-activity;sid:83912257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049158)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049158/; classtype:trojan-activity;sid:83912258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049159)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049159/; classtype:trojan-activity;sid:83912259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049160)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049160/; classtype:trojan-activity;sid:83912260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049161)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049161/; classtype:trojan-activity;sid:83912261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049162)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049162/; classtype:trojan-activity;sid:83912262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049163)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049163/; classtype:trojan-activity;sid:83912263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049164)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049164/; classtype:trojan-activity;sid:83912264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049165)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049165/; classtype:trojan-activity;sid:83912265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049166)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049166/; classtype:trojan-activity;sid:83912266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049167)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049167/; classtype:trojan-activity;sid:83912267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049168)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049168/; classtype:trojan-activity;sid:83912268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049169)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049169/; classtype:trojan-activity;sid:83912269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049170)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049170/; classtype:trojan-activity;sid:83912270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049171)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049171/; classtype:trojan-activity;sid:83912271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049172)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049172/; classtype:trojan-activity;sid:83912272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049173)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049173/; classtype:trojan-activity;sid:83912273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049174)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049174/; classtype:trojan-activity;sid:83912274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049133)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049133/; classtype:trojan-activity;sid:83912233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049134)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049134/; classtype:trojan-activity;sid:83912234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049135)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049135/; classtype:trojan-activity;sid:83912235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049136)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049136/; classtype:trojan-activity;sid:83912236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049137)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049137/; classtype:trojan-activity;sid:83912237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049138)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049138/; classtype:trojan-activity;sid:83912238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049139)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049139/; classtype:trojan-activity;sid:83912239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049140)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049140/; classtype:trojan-activity;sid:83912240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049141)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049141/; classtype:trojan-activity;sid:83912241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049142)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049142/; classtype:trojan-activity;sid:83912242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049143)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049143/; classtype:trojan-activity;sid:83912243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049144)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049144/; classtype:trojan-activity;sid:83912244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049145)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049145/; classtype:trojan-activity;sid:83912245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049146)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049146/; classtype:trojan-activity;sid:83912246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049147)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049147/; classtype:trojan-activity;sid:83912247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049148)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049148/; classtype:trojan-activity;sid:83912248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049149)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049149/; classtype:trojan-activity;sid:83912249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049150)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049150/; classtype:trojan-activity;sid:83912250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049151)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049151/; classtype:trojan-activity;sid:83912251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049152)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049152/; classtype:trojan-activity;sid:83912252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049153)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049153/; classtype:trojan-activity;sid:83912253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049116)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049116/; classtype:trojan-activity;sid:83912216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049117)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049117/; classtype:trojan-activity;sid:83912217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049118)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049118/; classtype:trojan-activity;sid:83912218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049119)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049119/; classtype:trojan-activity;sid:83912219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049120)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049120/; classtype:trojan-activity;sid:83912220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049121)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049121/; classtype:trojan-activity;sid:83912221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049122)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049122/; classtype:trojan-activity;sid:83912222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049123)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049123/; classtype:trojan-activity;sid:83912223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049124)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049124/; classtype:trojan-activity;sid:83912224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049125)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049125/; classtype:trojan-activity;sid:83912225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049126)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049126/; classtype:trojan-activity;sid:83912226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049127)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049127/; classtype:trojan-activity;sid:83912227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049128)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049128/; classtype:trojan-activity;sid:83912228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049129)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049129/; classtype:trojan-activity;sid:83912229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049130)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049130/; classtype:trojan-activity;sid:83912230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049131)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049131/; classtype:trojan-activity;sid:83912231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049132)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049132/; classtype:trojan-activity;sid:83912232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049101)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049101/; classtype:trojan-activity;sid:83912201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049102)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049102/; classtype:trojan-activity;sid:83912202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049103)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049103/; classtype:trojan-activity;sid:83912203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049104)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049104/; classtype:trojan-activity;sid:83912204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049105)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049105/; classtype:trojan-activity;sid:83912205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049106)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049106/; classtype:trojan-activity;sid:83912206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049107)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049107/; classtype:trojan-activity;sid:83912207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049108)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049108/; classtype:trojan-activity;sid:83912208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049109)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049109/; classtype:trojan-activity;sid:83912209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049110)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049110/; classtype:trojan-activity;sid:83912210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049111)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049111/; classtype:trojan-activity;sid:83912211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049112)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049112/; classtype:trojan-activity;sid:83912212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049113)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049113/; classtype:trojan-activity;sid:83912213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049114)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049114/; classtype:trojan-activity;sid:83912214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049115)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049115/; classtype:trojan-activity;sid:83912215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049089)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049089/; classtype:trojan-activity;sid:83912189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049090)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049090/; classtype:trojan-activity;sid:83912190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049091)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049091/; classtype:trojan-activity;sid:83912191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049092)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049092/; classtype:trojan-activity;sid:83912192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049093)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049093/; classtype:trojan-activity;sid:83912193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049094)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049094/; classtype:trojan-activity;sid:83912194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049095)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049095/; classtype:trojan-activity;sid:83912195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049096)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049096/; classtype:trojan-activity;sid:83912196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049097)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049097/; classtype:trojan-activity;sid:83912197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049098)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049098/; classtype:trojan-activity;sid:83912198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049099)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049099/; classtype:trojan-activity;sid:83912199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049100)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049100/; classtype:trojan-activity;sid:83912200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049087)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049087/; classtype:trojan-activity;sid:83912187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049088)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049088/; classtype:trojan-activity;sid:83912188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049086)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049086/; classtype:trojan-activity;sid:83912186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049074)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049074/; classtype:trojan-activity;sid:83912174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049075)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049075/; classtype:trojan-activity;sid:83912175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049076)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049076/; classtype:trojan-activity;sid:83912176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049077)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049077/; classtype:trojan-activity;sid:83912177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049078)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049078/; classtype:trojan-activity;sid:83912178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049079)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049079/; classtype:trojan-activity;sid:83912179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049080)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049080/; classtype:trojan-activity;sid:83912180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049081)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049081/; classtype:trojan-activity;sid:83912181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049082)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049082/; classtype:trojan-activity;sid:83912182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049083)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049083/; classtype:trojan-activity;sid:83912183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049084)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049084/; classtype:trojan-activity;sid:83912184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049085)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049085/; classtype:trojan-activity;sid:83912185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049073)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049073/; classtype:trojan-activity;sid:83912173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049071)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049071/; classtype:trojan-activity;sid:83912171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049072)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049072/; classtype:trojan-activity;sid:83912172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049065)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049065/; classtype:trojan-activity;sid:83912165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049066)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049066/; classtype:trojan-activity;sid:83912166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049067)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049067/; classtype:trojan-activity;sid:83912167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049068)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049068/; classtype:trojan-activity;sid:83912168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049069)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049069/; classtype:trojan-activity;sid:83912169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049070)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049070/; classtype:trojan-activity;sid:83912170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049060)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049060/; classtype:trojan-activity;sid:83912160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049061)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049061/; classtype:trojan-activity;sid:83912161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049062)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049062/; classtype:trojan-activity;sid:83912162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049063)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049063/; classtype:trojan-activity;sid:83912163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049064)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049064/; classtype:trojan-activity;sid:83912164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049052)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049052/; classtype:trojan-activity;sid:83912152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049053)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049053/; classtype:trojan-activity;sid:83912153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049054)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049054/; classtype:trojan-activity;sid:83912154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049055)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049055/; classtype:trojan-activity;sid:83912155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049056)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049056/; classtype:trojan-activity;sid:83912156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049057)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049057/; classtype:trojan-activity;sid:83912157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049058)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049058/; classtype:trojan-activity;sid:83912158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049059)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049059/; classtype:trojan-activity;sid:83912159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049043)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049043/; classtype:trojan-activity;sid:83912143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049044)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049044/; classtype:trojan-activity;sid:83912144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049045)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049045/; classtype:trojan-activity;sid:83912145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049046)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049046/; classtype:trojan-activity;sid:83912146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049047)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049047/; classtype:trojan-activity;sid:83912147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049048)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049048/; classtype:trojan-activity;sid:83912148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049049)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049049/; classtype:trojan-activity;sid:83912149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049050)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049050/; classtype:trojan-activity;sid:83912150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049051)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049051/; classtype:trojan-activity;sid:83912151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049029)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049029/; classtype:trojan-activity;sid:83912129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049030)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049030/; classtype:trojan-activity;sid:83912130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049031)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049031/; classtype:trojan-activity;sid:83912131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049032)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049032/; classtype:trojan-activity;sid:83912132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049033)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049033/; classtype:trojan-activity;sid:83912133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049034)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049034/; classtype:trojan-activity;sid:83912134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049035)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049035/; classtype:trojan-activity;sid:83912135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049036)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049036/; classtype:trojan-activity;sid:83912136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049037)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049037/; classtype:trojan-activity;sid:83912137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049038)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049038/; classtype:trojan-activity;sid:83912138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049039)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049039/; classtype:trojan-activity;sid:83912139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049040)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049040/; classtype:trojan-activity;sid:83912140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049041)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049041/; classtype:trojan-activity;sid:83912141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049042)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049042/; classtype:trojan-activity;sid:83912142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049022)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049022/; classtype:trojan-activity;sid:83912122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049023)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049023/; classtype:trojan-activity;sid:83912123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049024)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049024/; classtype:trojan-activity;sid:83912124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.82.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049025/; classtype:trojan-activity;sid:83912125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049026)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049026/; classtype:trojan-activity;sid:83912126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049027)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049027/; classtype:trojan-activity;sid:83912127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049028)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049028/; classtype:trojan-activity;sid:83912128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048985)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048985/; classtype:trojan-activity;sid:83912085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048986)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048986/; classtype:trojan-activity;sid:83912086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048987)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048987/; classtype:trojan-activity;sid:83912087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048988)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048988/; classtype:trojan-activity;sid:83912088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048989)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048989/; classtype:trojan-activity;sid:83912089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048990)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048990/; classtype:trojan-activity;sid:83912090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048991)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048991/; classtype:trojan-activity;sid:83912091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048992)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048992/; classtype:trojan-activity;sid:83912092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048993)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048993/; classtype:trojan-activity;sid:83912093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048994)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048994/; classtype:trojan-activity;sid:83912094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048995)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048995/; classtype:trojan-activity;sid:83912095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048996)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048996/; classtype:trojan-activity;sid:83912096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048997)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048997/; classtype:trojan-activity;sid:83912097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048998)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048998/; classtype:trojan-activity;sid:83912098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048999)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048999/; classtype:trojan-activity;sid:83912099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049000)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049000/; classtype:trojan-activity;sid:83912100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049001)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049001/; classtype:trojan-activity;sid:83912101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049002)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049002/; classtype:trojan-activity;sid:83912102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049003)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049003/; classtype:trojan-activity;sid:83912103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049004)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049004/; classtype:trojan-activity;sid:83912104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049005)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049005/; classtype:trojan-activity;sid:83912105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049006)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049006/; classtype:trojan-activity;sid:83912106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049007)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049007/; classtype:trojan-activity;sid:83912107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049008)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049008/; classtype:trojan-activity;sid:83912108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049009)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049009/; classtype:trojan-activity;sid:83912109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049010)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049010/; classtype:trojan-activity;sid:83912110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049011)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049011/; classtype:trojan-activity;sid:83912111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049012)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049012/; classtype:trojan-activity;sid:83912112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049013)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049013/; classtype:trojan-activity;sid:83912113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049014)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049014/; classtype:trojan-activity;sid:83912114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049015)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049015/; classtype:trojan-activity;sid:83912115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049016)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049016/; classtype:trojan-activity;sid:83912116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049017)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049017/; classtype:trojan-activity;sid:83912117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049018)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049018/; classtype:trojan-activity;sid:83912118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049019)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049019/; classtype:trojan-activity;sid:83912119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049020)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049020/; classtype:trojan-activity;sid:83912120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3049021)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3049021/; classtype:trojan-activity;sid:83912121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048984)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048984/; classtype:trojan-activity;sid:83912084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048945)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048945/; classtype:trojan-activity;sid:83912045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048946)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048946/; classtype:trojan-activity;sid:83912046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048947)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048947/; classtype:trojan-activity;sid:83912047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048948)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048948/; classtype:trojan-activity;sid:83912048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048949)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048949/; classtype:trojan-activity;sid:83912049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048950)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048950/; classtype:trojan-activity;sid:83912050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048951)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048951/; classtype:trojan-activity;sid:83912051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048952)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048952/; classtype:trojan-activity;sid:83912052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048953)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048953/; classtype:trojan-activity;sid:83912053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048954)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048954/; classtype:trojan-activity;sid:83912054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048955)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048955/; classtype:trojan-activity;sid:83912055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048956)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048956/; classtype:trojan-activity;sid:83912056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048957)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048957/; classtype:trojan-activity;sid:83912057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048958)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048958/; classtype:trojan-activity;sid:83912058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048959)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048959/; classtype:trojan-activity;sid:83912059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048960)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048960/; classtype:trojan-activity;sid:83912060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048961)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048961/; classtype:trojan-activity;sid:83912061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048962)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048962/; classtype:trojan-activity;sid:83912062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048963)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048963/; classtype:trojan-activity;sid:83912063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048964)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048964/; classtype:trojan-activity;sid:83912064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048965)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048965/; classtype:trojan-activity;sid:83912065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048966)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048966/; classtype:trojan-activity;sid:83912066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048967)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048967/; classtype:trojan-activity;sid:83912067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048968)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048968/; classtype:trojan-activity;sid:83912068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048969)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048969/; classtype:trojan-activity;sid:83912069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048970)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048970/; classtype:trojan-activity;sid:83912070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048971)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048971/; classtype:trojan-activity;sid:83912071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048972)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048972/; classtype:trojan-activity;sid:83912072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048973)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048973/; classtype:trojan-activity;sid:83912073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048974)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048974/; classtype:trojan-activity;sid:83912074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048975)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048975/; classtype:trojan-activity;sid:83912075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048976)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048976/; classtype:trojan-activity;sid:83912076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048977)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048977/; classtype:trojan-activity;sid:83912077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048978)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048978/; classtype:trojan-activity;sid:83912078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048979)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048979/; classtype:trojan-activity;sid:83912079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048980)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048980/; classtype:trojan-activity;sid:83912080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048981)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048981/; classtype:trojan-activity;sid:83912081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048982)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048982/; classtype:trojan-activity;sid:83912082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048983)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048983/; classtype:trojan-activity;sid:83912083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048944)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048944/; classtype:trojan-activity;sid:83912044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.130.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048943/; classtype:trojan-activity;sid:83912043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048938)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048938/; classtype:trojan-activity;sid:83912038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048939)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048939/; classtype:trojan-activity;sid:83912039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048940)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048940/; classtype:trojan-activity;sid:83912040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048941)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048941/; classtype:trojan-activity;sid:83912041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048942)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048942/; classtype:trojan-activity;sid:83912042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048923)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048923/; classtype:trojan-activity;sid:83912023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048924)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048924/; classtype:trojan-activity;sid:83912024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048925)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048925/; classtype:trojan-activity;sid:83912025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048926)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048926/; classtype:trojan-activity;sid:83912026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048927)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048927/; classtype:trojan-activity;sid:83912027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048928)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048928/; classtype:trojan-activity;sid:83912028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048929)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048929/; classtype:trojan-activity;sid:83912029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048930)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048930/; classtype:trojan-activity;sid:83912030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048931)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048931/; classtype:trojan-activity;sid:83912031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048932)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048932/; classtype:trojan-activity;sid:83912032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048933)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048933/; classtype:trojan-activity;sid:83912033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048934)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048934/; classtype:trojan-activity;sid:83912034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048935)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048935/; classtype:trojan-activity;sid:83912035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048936)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048936/; classtype:trojan-activity;sid:83912036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048937)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048937/; classtype:trojan-activity;sid:83912037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048897)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048897/; classtype:trojan-activity;sid:83911997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048898)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048898/; classtype:trojan-activity;sid:83911998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048899)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048899/; classtype:trojan-activity;sid:83911999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048900)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048900/; classtype:trojan-activity;sid:83912000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048901)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048901/; classtype:trojan-activity;sid:83912001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048902)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048902/; classtype:trojan-activity;sid:83912002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048903)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048903/; classtype:trojan-activity;sid:83912003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048904)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048904/; classtype:trojan-activity;sid:83912004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048905)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048905/; classtype:trojan-activity;sid:83912005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048906)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048906/; classtype:trojan-activity;sid:83912006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048907)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048907/; classtype:trojan-activity;sid:83912007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048908)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048908/; classtype:trojan-activity;sid:83912008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048909)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048909/; classtype:trojan-activity;sid:83912009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048910)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048910/; classtype:trojan-activity;sid:83912010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048911)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048911/; classtype:trojan-activity;sid:83912011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048912)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048912/; classtype:trojan-activity;sid:83912012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048913)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048913/; classtype:trojan-activity;sid:83912013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048914)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048914/; classtype:trojan-activity;sid:83912014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048915)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048915/; classtype:trojan-activity;sid:83912015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048916)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048916/; classtype:trojan-activity;sid:83912016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048917)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048917/; classtype:trojan-activity;sid:83912017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048918)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048918/; classtype:trojan-activity;sid:83912018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048919)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048919/; classtype:trojan-activity;sid:83912019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048920)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048920/; classtype:trojan-activity;sid:83912020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048921)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048921/; classtype:trojan-activity;sid:83912021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048922)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048922/; classtype:trojan-activity;sid:83912022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048880)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048880/; classtype:trojan-activity;sid:83911980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048881)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048881/; classtype:trojan-activity;sid:83911981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048882)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048882/; classtype:trojan-activity;sid:83911982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048883)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048883/; classtype:trojan-activity;sid:83911983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048884)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048884/; classtype:trojan-activity;sid:83911984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048885)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048885/; classtype:trojan-activity;sid:83911985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048886)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048886/; classtype:trojan-activity;sid:83911986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048887)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048887/; classtype:trojan-activity;sid:83911987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048888)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048888/; classtype:trojan-activity;sid:83911988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048889)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048889/; classtype:trojan-activity;sid:83911989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048890)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048890/; classtype:trojan-activity;sid:83911990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048891)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048891/; classtype:trojan-activity;sid:83911991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048892)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048892/; classtype:trojan-activity;sid:83911992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048893)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048893/; classtype:trojan-activity;sid:83911993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048894)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048894/; classtype:trojan-activity;sid:83911994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048895)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048895/; classtype:trojan-activity;sid:83911995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048896)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048896/; classtype:trojan-activity;sid:83911996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048859)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048859/; classtype:trojan-activity;sid:83911959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048860)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048860/; classtype:trojan-activity;sid:83911960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048861)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048861/; classtype:trojan-activity;sid:83911961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048862)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048862/; classtype:trojan-activity;sid:83911962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048863)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048863/; classtype:trojan-activity;sid:83911963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048864)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048864/; classtype:trojan-activity;sid:83911964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048865)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048865/; classtype:trojan-activity;sid:83911965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048866)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048866/; classtype:trojan-activity;sid:83911966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048867)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048867/; classtype:trojan-activity;sid:83911967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048868)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048868/; classtype:trojan-activity;sid:83911968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048869)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048869/; classtype:trojan-activity;sid:83911969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048870)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048870/; classtype:trojan-activity;sid:83911970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048871)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048871/; classtype:trojan-activity;sid:83911971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048872)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048872/; classtype:trojan-activity;sid:83911972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048873)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048873/; classtype:trojan-activity;sid:83911973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048874)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048874/; classtype:trojan-activity;sid:83911974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048875)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048875/; classtype:trojan-activity;sid:83911975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048876)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048876/; classtype:trojan-activity;sid:83911976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048877)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048877/; classtype:trojan-activity;sid:83911977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048878)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048878/; classtype:trojan-activity;sid:83911978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048879)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048879/; classtype:trojan-activity;sid:83911979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048842)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048842/; classtype:trojan-activity;sid:83911942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048843)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048843/; classtype:trojan-activity;sid:83911943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048844)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048844/; classtype:trojan-activity;sid:83911944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048845)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048845/; classtype:trojan-activity;sid:83911945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048846)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048846/; classtype:trojan-activity;sid:83911946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048847)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048847/; classtype:trojan-activity;sid:83911947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048848)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048848/; classtype:trojan-activity;sid:83911948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048849)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048849/; classtype:trojan-activity;sid:83911949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048850)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048850/; classtype:trojan-activity;sid:83911950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048851)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048851/; classtype:trojan-activity;sid:83911951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048852)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048852/; classtype:trojan-activity;sid:83911952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048853)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048853/; classtype:trojan-activity;sid:83911953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048854)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048854/; classtype:trojan-activity;sid:83911954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048855)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048855/; classtype:trojan-activity;sid:83911955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048856)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048856/; classtype:trojan-activity;sid:83911956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048857)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048857/; classtype:trojan-activity;sid:83911957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048858)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048858/; classtype:trojan-activity;sid:83911958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048828)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048828/; classtype:trojan-activity;sid:83911928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048829)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048829/; classtype:trojan-activity;sid:83911929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048830)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048830/; classtype:trojan-activity;sid:83911930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048831)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048831/; classtype:trojan-activity;sid:83911931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048832)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048832/; classtype:trojan-activity;sid:83911932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048833)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048833/; classtype:trojan-activity;sid:83911933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048834)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048834/; classtype:trojan-activity;sid:83911934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048835)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048835/; classtype:trojan-activity;sid:83911935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048836)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048836/; classtype:trojan-activity;sid:83911936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048837)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048837/; classtype:trojan-activity;sid:83911937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048838)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048838/; classtype:trojan-activity;sid:83911938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048839)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048839/; classtype:trojan-activity;sid:83911939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048840)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048840/; classtype:trojan-activity;sid:83911940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048841)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048841/; classtype:trojan-activity;sid:83911941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048807)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048807/; classtype:trojan-activity;sid:83911907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048808)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048808/; classtype:trojan-activity;sid:83911908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048809)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048809/; classtype:trojan-activity;sid:83911909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048810)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048810/; classtype:trojan-activity;sid:83911910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048811)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048811/; classtype:trojan-activity;sid:83911911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048812)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048812/; classtype:trojan-activity;sid:83911912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048813)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048813/; classtype:trojan-activity;sid:83911913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048814)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048814/; classtype:trojan-activity;sid:83911914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048815)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048815/; classtype:trojan-activity;sid:83911915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048816)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048816/; classtype:trojan-activity;sid:83911916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048817)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048817/; classtype:trojan-activity;sid:83911917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048818)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048818/; classtype:trojan-activity;sid:83911918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048819)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048819/; classtype:trojan-activity;sid:83911919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048820)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048820/; classtype:trojan-activity;sid:83911920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048821)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048821/; classtype:trojan-activity;sid:83911921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048822)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048822/; classtype:trojan-activity;sid:83911922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048823)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048823/; classtype:trojan-activity;sid:83911923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048824)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048824/; classtype:trojan-activity;sid:83911924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048825)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048825/; classtype:trojan-activity;sid:83911925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048826)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048826/; classtype:trojan-activity;sid:83911926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048827)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048827/; classtype:trojan-activity;sid:83911927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048795)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048795/; classtype:trojan-activity;sid:83911895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048796)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048796/; classtype:trojan-activity;sid:83911896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048797)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048797/; classtype:trojan-activity;sid:83911897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048798)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048798/; classtype:trojan-activity;sid:83911898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048799)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048799/; classtype:trojan-activity;sid:83911899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048800)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048800/; classtype:trojan-activity;sid:83911900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048801)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048801/; classtype:trojan-activity;sid:83911901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048802)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048802/; classtype:trojan-activity;sid:83911902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048803)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048803/; classtype:trojan-activity;sid:83911903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048804)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048804/; classtype:trojan-activity;sid:83911904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048805)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048805/; classtype:trojan-activity;sid:83911905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048806)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048806/; classtype:trojan-activity;sid:83911906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048770)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048770/; classtype:trojan-activity;sid:83911870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048771)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048771/; classtype:trojan-activity;sid:83911871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048772)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048772/; classtype:trojan-activity;sid:83911872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048773)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048773/; classtype:trojan-activity;sid:83911873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048774)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048774/; classtype:trojan-activity;sid:83911874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048775)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048775/; classtype:trojan-activity;sid:83911875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048776)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048776/; classtype:trojan-activity;sid:83911876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048777)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048777/; classtype:trojan-activity;sid:83911877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048778)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048778/; classtype:trojan-activity;sid:83911878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048779)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048779/; classtype:trojan-activity;sid:83911879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048780)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048780/; classtype:trojan-activity;sid:83911880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048781)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048781/; classtype:trojan-activity;sid:83911881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048782)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048782/; classtype:trojan-activity;sid:83911882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048783)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048783/; classtype:trojan-activity;sid:83911883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048784)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048784/; classtype:trojan-activity;sid:83911884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048785)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048785/; classtype:trojan-activity;sid:83911885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048786)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048786/; classtype:trojan-activity;sid:83911886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048787)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048787/; classtype:trojan-activity;sid:83911887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048788)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048788/; classtype:trojan-activity;sid:83911888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048789)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048789/; classtype:trojan-activity;sid:83911889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048790)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048790/; classtype:trojan-activity;sid:83911890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048791)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048791/; classtype:trojan-activity;sid:83911891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048792)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048792/; classtype:trojan-activity;sid:83911892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048793)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048793/; classtype:trojan-activity;sid:83911893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048794)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048794/; classtype:trojan-activity;sid:83911894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048755)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048755/; classtype:trojan-activity;sid:83911855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048756)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048756/; classtype:trojan-activity;sid:83911856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048757)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048757/; classtype:trojan-activity;sid:83911857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048758)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048758/; classtype:trojan-activity;sid:83911858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048759)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048759/; classtype:trojan-activity;sid:83911859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048760)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048760/; classtype:trojan-activity;sid:83911860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048761)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048761/; classtype:trojan-activity;sid:83911861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048762)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048762/; classtype:trojan-activity;sid:83911862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048763)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048763/; classtype:trojan-activity;sid:83911863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048764)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048764/; classtype:trojan-activity;sid:83911864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048765)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048765/; classtype:trojan-activity;sid:83911865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048766)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048766/; classtype:trojan-activity;sid:83911866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048767)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048767/; classtype:trojan-activity;sid:83911867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048768)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048768/; classtype:trojan-activity;sid:83911868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048769)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048769/; classtype:trojan-activity;sid:83911869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048734)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048734/; classtype:trojan-activity;sid:83911834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048735)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048735/; classtype:trojan-activity;sid:83911835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048736)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048736/; classtype:trojan-activity;sid:83911836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048737)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048737/; classtype:trojan-activity;sid:83911837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048738)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048738/; classtype:trojan-activity;sid:83911838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048739)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048739/; classtype:trojan-activity;sid:83911839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048740)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048740/; classtype:trojan-activity;sid:83911840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048741)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048741/; classtype:trojan-activity;sid:83911841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048742)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048742/; classtype:trojan-activity;sid:83911842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048743)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048743/; classtype:trojan-activity;sid:83911843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048744)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048744/; classtype:trojan-activity;sid:83911844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048745)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048745/; classtype:trojan-activity;sid:83911845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048746)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048746/; classtype:trojan-activity;sid:83911846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048747)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048747/; classtype:trojan-activity;sid:83911847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048748)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048748/; classtype:trojan-activity;sid:83911848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048749)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048749/; classtype:trojan-activity;sid:83911849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048750)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048750/; classtype:trojan-activity;sid:83911850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048751)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048751/; classtype:trojan-activity;sid:83911851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048752)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048752/; classtype:trojan-activity;sid:83911852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048753)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048753/; classtype:trojan-activity;sid:83911853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048754)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048754/; classtype:trojan-activity;sid:83911854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048720)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048720/; classtype:trojan-activity;sid:83911820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048721)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048721/; classtype:trojan-activity;sid:83911821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048722)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048722/; classtype:trojan-activity;sid:83911822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048723)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048723/; classtype:trojan-activity;sid:83911823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048724)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048724/; classtype:trojan-activity;sid:83911824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048725)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048725/; classtype:trojan-activity;sid:83911825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048726)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048726/; classtype:trojan-activity;sid:83911826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048727)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048727/; classtype:trojan-activity;sid:83911827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048728)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048728/; classtype:trojan-activity;sid:83911828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048729)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048729/; classtype:trojan-activity;sid:83911829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048730)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048730/; classtype:trojan-activity;sid:83911830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048731)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048731/; classtype:trojan-activity;sid:83911831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048732)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048732/; classtype:trojan-activity;sid:83911832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048733)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048733/; classtype:trojan-activity;sid:83911833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048711)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048711/; classtype:trojan-activity;sid:83911811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048712)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048712/; classtype:trojan-activity;sid:83911812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048713)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048713/; classtype:trojan-activity;sid:83911813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048714)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048714/; classtype:trojan-activity;sid:83911814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048715)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048715/; classtype:trojan-activity;sid:83911815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048716)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048716/; classtype:trojan-activity;sid:83911816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048717)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048717/; classtype:trojan-activity;sid:83911817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048718)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048718/; classtype:trojan-activity;sid:83911818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048719)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048719/; classtype:trojan-activity;sid:83911819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048687)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048687/; classtype:trojan-activity;sid:83911787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048688)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048688/; classtype:trojan-activity;sid:83911788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048689)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048689/; classtype:trojan-activity;sid:83911789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048690)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048690/; classtype:trojan-activity;sid:83911790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048691)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048691/; classtype:trojan-activity;sid:83911791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048692)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048692/; classtype:trojan-activity;sid:83911792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048693)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048693/; classtype:trojan-activity;sid:83911793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048694)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048694/; classtype:trojan-activity;sid:83911794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048695)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048695/; classtype:trojan-activity;sid:83911795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048696)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048696/; classtype:trojan-activity;sid:83911796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048697)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048697/; classtype:trojan-activity;sid:83911797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048698)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048698/; classtype:trojan-activity;sid:83911798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048699)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048699/; classtype:trojan-activity;sid:83911799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048700)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048700/; classtype:trojan-activity;sid:83911800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048701)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048701/; classtype:trojan-activity;sid:83911801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048702)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048702/; classtype:trojan-activity;sid:83911802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048703)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048703/; classtype:trojan-activity;sid:83911803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048704)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048704/; classtype:trojan-activity;sid:83911804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048705)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048705/; classtype:trojan-activity;sid:83911805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048706)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048706/; classtype:trojan-activity;sid:83911806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048707)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048707/; classtype:trojan-activity;sid:83911807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048708)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048708/; classtype:trojan-activity;sid:83911808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048709)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048709/; classtype:trojan-activity;sid:83911809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048710)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048710/; classtype:trojan-activity;sid:83911810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048677)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048677/; classtype:trojan-activity;sid:83911777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048678)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048678/; classtype:trojan-activity;sid:83911778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048679)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048679/; classtype:trojan-activity;sid:83911779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048680)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048680/; classtype:trojan-activity;sid:83911780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048681)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048681/; classtype:trojan-activity;sid:83911781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048682)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048682/; classtype:trojan-activity;sid:83911782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048683)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048683/; classtype:trojan-activity;sid:83911783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048684)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048684/; classtype:trojan-activity;sid:83911784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048685)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048685/; classtype:trojan-activity;sid:83911785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048686)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048686/; classtype:trojan-activity;sid:83911786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048667)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048667/; classtype:trojan-activity;sid:83911767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048668)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048668/; classtype:trojan-activity;sid:83911768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048669)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048669/; classtype:trojan-activity;sid:83911769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048670)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048670/; classtype:trojan-activity;sid:83911770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048671)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048671/; classtype:trojan-activity;sid:83911771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048672)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048672/; classtype:trojan-activity;sid:83911772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048673)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048673/; classtype:trojan-activity;sid:83911773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048674)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048674/; classtype:trojan-activity;sid:83911774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048675)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048675/; classtype:trojan-activity;sid:83911775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048676)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048676/; classtype:trojan-activity;sid:83911776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048638)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048638/; classtype:trojan-activity;sid:83911738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048639)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048639/; classtype:trojan-activity;sid:83911739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048640)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048640/; classtype:trojan-activity;sid:83911740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048641)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048641/; classtype:trojan-activity;sid:83911741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048642)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048642/; classtype:trojan-activity;sid:83911742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048643)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048643/; classtype:trojan-activity;sid:83911743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048644)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048644/; classtype:trojan-activity;sid:83911744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048645)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048645/; classtype:trojan-activity;sid:83911745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048646)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048646/; classtype:trojan-activity;sid:83911746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048647)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048647/; classtype:trojan-activity;sid:83911747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048648)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048648/; classtype:trojan-activity;sid:83911748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048649)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048649/; classtype:trojan-activity;sid:83911749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048650)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048650/; classtype:trojan-activity;sid:83911750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048651)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048651/; classtype:trojan-activity;sid:83911751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048652)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048652/; classtype:trojan-activity;sid:83911752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048653)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048653/; classtype:trojan-activity;sid:83911753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048654)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048654/; classtype:trojan-activity;sid:83911754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048655)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048655/; classtype:trojan-activity;sid:83911755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048656)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048656/; classtype:trojan-activity;sid:83911756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048657)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048657/; classtype:trojan-activity;sid:83911757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048658)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048658/; classtype:trojan-activity;sid:83911758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048659)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048659/; classtype:trojan-activity;sid:83911759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048660)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048660/; classtype:trojan-activity;sid:83911760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048661)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048661/; classtype:trojan-activity;sid:83911761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048662)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048662/; classtype:trojan-activity;sid:83911762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048663)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048663/; classtype:trojan-activity;sid:83911763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048664)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048664/; classtype:trojan-activity;sid:83911764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048665)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048665/; classtype:trojan-activity;sid:83911765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048666)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048666/; classtype:trojan-activity;sid:83911766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048631)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048631/; classtype:trojan-activity;sid:83911731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048632)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048632/; classtype:trojan-activity;sid:83911732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048633)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048633/; classtype:trojan-activity;sid:83911733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048634)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048634/; classtype:trojan-activity;sid:83911734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048635)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048635/; classtype:trojan-activity;sid:83911735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048636)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048636/; classtype:trojan-activity;sid:83911736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048637)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048637/; classtype:trojan-activity;sid:83911737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048604)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048604/; classtype:trojan-activity;sid:83911704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048605)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048605/; classtype:trojan-activity;sid:83911705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048606)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048606/; classtype:trojan-activity;sid:83911706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048607)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048607/; classtype:trojan-activity;sid:83911707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048608)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048608/; classtype:trojan-activity;sid:83911708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048609)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048609/; classtype:trojan-activity;sid:83911709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048610)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048610/; classtype:trojan-activity;sid:83911710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048611)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048611/; classtype:trojan-activity;sid:83911711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048612)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048612/; classtype:trojan-activity;sid:83911712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048613)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048613/; classtype:trojan-activity;sid:83911713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048614)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048614/; classtype:trojan-activity;sid:83911714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048615)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048615/; classtype:trojan-activity;sid:83911715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048616)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048616/; classtype:trojan-activity;sid:83911716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048617)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048617/; classtype:trojan-activity;sid:83911717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048618)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048618/; classtype:trojan-activity;sid:83911718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048619)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048619/; classtype:trojan-activity;sid:83911719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048620)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048620/; classtype:trojan-activity;sid:83911720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048621)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mail.commodityprocess.top"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048621/; classtype:trojan-activity;sid:83911721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048622)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048622/; classtype:trojan-activity;sid:83911722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048623)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048623/; classtype:trojan-activity;sid:83911723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048624)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048624/; classtype:trojan-activity;sid:83911724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048625)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048625/; classtype:trojan-activity;sid:83911725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048626)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048626/; classtype:trojan-activity;sid:83911726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048627)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048627/; classtype:trojan-activity;sid:83911727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048628)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048628/; classtype:trojan-activity;sid:83911728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048629)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048629/; classtype:trojan-activity;sid:83911729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048630)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048630/; classtype:trojan-activity;sid:83911730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048591)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048591/; classtype:trojan-activity;sid:83911691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048592)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048592/; classtype:trojan-activity;sid:83911692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048593)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048593/; classtype:trojan-activity;sid:83911693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048594)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048594/; classtype:trojan-activity;sid:83911694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048595)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048595/; classtype:trojan-activity;sid:83911695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048596)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048596/; classtype:trojan-activity;sid:83911696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048597)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048597/; classtype:trojan-activity;sid:83911697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048598)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048598/; classtype:trojan-activity;sid:83911698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048599)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048599/; classtype:trojan-activity;sid:83911699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048600)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048600/; classtype:trojan-activity;sid:83911700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048601)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048601/; classtype:trojan-activity;sid:83911701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048602)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048602/; classtype:trojan-activity;sid:83911702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048603)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048603/; classtype:trojan-activity;sid:83911703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048583)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048583/; classtype:trojan-activity;sid:83911683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048584)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048584/; classtype:trojan-activity;sid:83911684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048585)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048585/; classtype:trojan-activity;sid:83911685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048586)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mail.sitefind.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048586/; classtype:trojan-activity;sid:83911686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048587)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048587/; classtype:trojan-activity;sid:83911687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048588)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048588/; classtype:trojan-activity;sid:83911688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048589)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"insights.today-time.sitefind.top"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048589/; classtype:trojan-activity;sid:83911689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048590)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sitefind.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048590/; classtype:trojan-activity;sid:83911690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048551)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048551/; classtype:trojan-activity;sid:83911651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048552)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048552/; classtype:trojan-activity;sid:83911652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048553)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048553/; classtype:trojan-activity;sid:83911653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048554)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048554/; classtype:trojan-activity;sid:83911654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048555)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048555/; classtype:trojan-activity;sid:83911655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048556)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048556/; classtype:trojan-activity;sid:83911656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048557)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048557/; classtype:trojan-activity;sid:83911657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048558)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048558/; classtype:trojan-activity;sid:83911658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048559)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048559/; classtype:trojan-activity;sid:83911659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048560)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048560/; classtype:trojan-activity;sid:83911660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048561)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048561/; classtype:trojan-activity;sid:83911661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048562)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048562/; classtype:trojan-activity;sid:83911662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048563)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hertrud.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048563/; classtype:trojan-activity;sid:83911663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048564)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048564/; classtype:trojan-activity;sid:83911664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048565)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048565/; classtype:trojan-activity;sid:83911665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048566)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"leopolfa.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048566/; classtype:trojan-activity;sid:83911666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048567)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048567/; classtype:trojan-activity;sid:83911667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048568)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048568/; classtype:trojan-activity;sid:83911668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048569)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hiltrunde.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048569/; classtype:trojan-activity;sid:83911669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048570)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"iankian.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048570/; classtype:trojan-activity;sid:83911670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048571)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ironturner.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048571/; classtype:trojan-activity;sid:83911671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048572)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048572/; classtype:trojan-activity;sid:83911672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048573)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048573/; classtype:trojan-activity;sid:83911673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048574)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"liferacer.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048574/; classtype:trojan-activity;sid:83911674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048575)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hexcrippler.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048575/; classtype:trojan-activity;sid:83911675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048576)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kloisa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048576/; classtype:trojan-activity;sid:83911676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048577)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048577/; classtype:trojan-activity;sid:83911677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048578)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"helheid.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048578/; classtype:trojan-activity;sid:83911678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048579)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048579/; classtype:trojan-activity;sid:83911679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048580)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048580/; classtype:trojan-activity;sid:83911680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048581)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"commodityprocess.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048581/; classtype:trojan-activity;sid:83911681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048582)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"today-time.sitefind.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048582/; classtype:trojan-activity;sid:83911682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048550/; classtype:trojan-activity;sid:83911650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.241.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048549/; classtype:trojan-activity;sid:83911649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.46.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048548/; classtype:trojan-activity;sid:83911648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.105.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048547/; classtype:trojan-activity;sid:83911647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.133.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048546/; classtype:trojan-activity;sid:83911646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048545)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5|3f|ddos"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.148.120.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048545/; classtype:trojan-activity;sid:83911645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.177.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048544/; classtype:trojan-activity;sid:83911644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.32.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048543/; classtype:trojan-activity;sid:83911643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.114.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048542/; classtype:trojan-activity;sid:83911642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048541/; classtype:trojan-activity;sid:83911641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.66.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048540/; classtype:trojan-activity;sid:83911640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.0.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048539/; classtype:trojan-activity;sid:83911639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.135.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048538/; classtype:trojan-activity;sid:83911638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.219.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048537/; classtype:trojan-activity;sid:83911637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.5.16.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048536/; classtype:trojan-activity;sid:83911636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.181.158.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048535/; classtype:trojan-activity;sid:83911635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048534/; classtype:trojan-activity;sid:83911634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.109.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048533/; classtype:trojan-activity;sid:83911633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.79.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048532/; classtype:trojan-activity;sid:83911632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048531/; classtype:trojan-activity;sid:83911631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048530/; classtype:trojan-activity;sid:83911630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.183.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048529/; classtype:trojan-activity;sid:83911629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.112.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048528/; classtype:trojan-activity;sid:83911628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048527/; classtype:trojan-activity;sid:83911627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.241.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048525/; classtype:trojan-activity;sid:83911625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.173.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048526/; classtype:trojan-activity;sid:83911626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.130.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048524/; classtype:trojan-activity;sid:83911624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048523/; classtype:trojan-activity;sid:83911623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048522/; classtype:trojan-activity;sid:83911622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048506)"; flow:established,from_client; content:"GET"; http_method; content:"/160672328012973.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048506/; classtype:trojan-activity;sid:83911606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048507)"; flow:established,from_client; content:"GET"; http_method; content:"/65192552717977.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048507/; classtype:trojan-activity;sid:83911607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048508)"; flow:established,from_client; content:"GET"; http_method; content:"/320312909623919.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048508/; classtype:trojan-activity;sid:83911608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048509)"; flow:established,from_client; content:"GET"; http_method; content:"/7662560923358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048509/; classtype:trojan-activity;sid:83911609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048510)"; flow:established,from_client; content:"GET"; http_method; content:"/49201342017208.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048510/; classtype:trojan-activity;sid:83911610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048511)"; flow:established,from_client; content:"GET"; http_method; content:"/28208068589.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048511/; classtype:trojan-activity;sid:83911611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048512)"; flow:established,from_client; content:"GET"; http_method; content:"/269270317692.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048512/; classtype:trojan-activity;sid:83911612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048513)"; flow:established,from_client; content:"GET"; http_method; content:"/11971114317060.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048513/; classtype:trojan-activity;sid:83911613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048514)"; flow:established,from_client; content:"GET"; http_method; content:"/271422574128375.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048514/; classtype:trojan-activity;sid:83911614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048515)"; flow:established,from_client; content:"GET"; http_method; content:"/24036109961094.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048515/; classtype:trojan-activity;sid:83911615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048516)"; flow:established,from_client; content:"GET"; http_method; content:"/2425236266541.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048516/; classtype:trojan-activity;sid:83911616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048517)"; flow:established,from_client; content:"GET"; http_method; content:"/11279194465698.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048517/; classtype:trojan-activity;sid:83911617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048518)"; flow:established,from_client; content:"GET"; http_method; content:"/29044870917193.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048518/; classtype:trojan-activity;sid:83911618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048519)"; flow:established,from_client; content:"GET"; http_method; content:"/16407240006521.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048519/; classtype:trojan-activity;sid:83911619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048520)"; flow:established,from_client; content:"GET"; http_method; content:"/15582296527056.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048520/; classtype:trojan-activity;sid:83911620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048521)"; flow:established,from_client; content:"GET"; http_method; content:"/112762799311874.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048521/; classtype:trojan-activity;sid:83911621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048466)"; flow:established,from_client; content:"GET"; http_method; content:"/78102414516540.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048466/; classtype:trojan-activity;sid:83911566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048467)"; flow:established,from_client; content:"GET"; http_method; content:"/710162113845.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048467/; classtype:trojan-activity;sid:83911567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048468)"; flow:established,from_client; content:"GET"; http_method; content:"/247102099110965.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048468/; classtype:trojan-activity;sid:83911568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048469)"; flow:established,from_client; content:"GET"; http_method; content:"/3714240625358.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048469/; classtype:trojan-activity;sid:83911569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048470)"; flow:established,from_client; content:"GET"; http_method; content:"/1301325520379.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048470/; classtype:trojan-activity;sid:83911570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048471)"; flow:established,from_client; content:"GET"; http_method; content:"/18010673024546.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048471/; classtype:trojan-activity;sid:83911571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048472)"; flow:established,from_client; content:"GET"; http_method; content:"/270253008428631.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048472/; classtype:trojan-activity;sid:83911572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048473)"; flow:established,from_client; content:"GET"; http_method; content:"/235713873942.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048473/; classtype:trojan-activity;sid:83911573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048474)"; flow:established,from_client; content:"GET"; http_method; content:"/21791436929945.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048474/; classtype:trojan-activity;sid:83911574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048475)"; flow:established,from_client; content:"GET"; http_method; content:"/143163224613766.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048475/; classtype:trojan-activity;sid:83911575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048476)"; flow:established,from_client; content:"GET"; http_method; content:"/21210513926246.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048476/; classtype:trojan-activity;sid:83911576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048477)"; flow:established,from_client; content:"GET"; http_method; content:"/21526169013219.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048477/; classtype:trojan-activity;sid:83911577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048478)"; flow:established,from_client; content:"GET"; http_method; content:"/241082772725462.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048478/; classtype:trojan-activity;sid:83911578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048479)"; flow:established,from_client; content:"GET"; http_method; content:"/8578413221070.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048479/; classtype:trojan-activity;sid:83911579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048480)"; flow:established,from_client; content:"GET"; http_method; content:"/183222740917008.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048480/; classtype:trojan-activity;sid:83911580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048481)"; flow:established,from_client; content:"GET"; http_method; content:"/261082872331996.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048481/; classtype:trojan-activity;sid:83911581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048482)"; flow:established,from_client; content:"GET"; http_method; content:"/20371580615655.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048482/; classtype:trojan-activity;sid:83911582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048483)"; flow:established,from_client; content:"GET"; http_method; content:"/23602228684844.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048483/; classtype:trojan-activity;sid:83911583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048484)"; flow:established,from_client; content:"GET"; http_method; content:"/14117938220213.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048484/; classtype:trojan-activity;sid:83911584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048485)"; flow:established,from_client; content:"GET"; http_method; content:"/2442990412424.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048485/; classtype:trojan-activity;sid:83911585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048486)"; flow:established,from_client; content:"GET"; http_method; content:"/116963157065.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048486/; classtype:trojan-activity;sid:83911586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048487)"; flow:established,from_client; content:"GET"; http_method; content:"/100382520127498.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048487/; classtype:trojan-activity;sid:83911587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048488)"; flow:established,from_client; content:"GET"; http_method; content:"/3099531828214.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048488/; classtype:trojan-activity;sid:83911588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048489)"; flow:established,from_client; content:"GET"; http_method; content:"/28258172047292.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048489/; classtype:trojan-activity;sid:83911589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048490)"; flow:established,from_client; content:"GET"; http_method; content:"/242191824627282.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048490/; classtype:trojan-activity;sid:83911590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048491)"; flow:established,from_client; content:"GET"; http_method; content:"/3173488889198.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048491/; classtype:trojan-activity;sid:83911591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048492)"; flow:established,from_client; content:"GET"; http_method; content:"/195151343324643.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048492/; classtype:trojan-activity;sid:83911592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048493)"; flow:established,from_client; content:"GET"; http_method; content:"/303632922821244.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048493/; classtype:trojan-activity;sid:83911593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048494)"; flow:established,from_client; content:"GET"; http_method; content:"/1527830137078.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048494/; classtype:trojan-activity;sid:83911594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048495)"; flow:established,from_client; content:"GET"; http_method; content:"/18291699432196.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048495/; classtype:trojan-activity;sid:83911595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048496)"; flow:established,from_client; content:"GET"; http_method; content:"/26334159312437.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048496/; classtype:trojan-activity;sid:83911596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048497)"; flow:established,from_client; content:"GET"; http_method; content:"/28622300615912.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048497/; classtype:trojan-activity;sid:83911597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048498)"; flow:established,from_client; content:"GET"; http_method; content:"/1493680295905.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048498/; classtype:trojan-activity;sid:83911598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048499)"; flow:established,from_client; content:"GET"; http_method; content:"/7570552717192.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048499/; classtype:trojan-activity;sid:83911599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048500)"; flow:established,from_client; content:"GET"; http_method; content:"/160191646713871.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048500/; classtype:trojan-activity;sid:83911600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048501)"; flow:established,from_client; content:"GET"; http_method; content:"/31933320695402.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048501/; classtype:trojan-activity;sid:83911601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048502)"; flow:established,from_client; content:"GET"; http_method; content:"/25123256582352.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048502/; classtype:trojan-activity;sid:83911602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048503)"; flow:established,from_client; content:"GET"; http_method; content:"/1494025679229.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048503/; classtype:trojan-activity;sid:83911603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048504)"; flow:established,from_client; content:"GET"; http_method; content:"/1047698831771.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048504/; classtype:trojan-activity;sid:83911604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048505)"; flow:established,from_client; content:"GET"; http_method; content:"/248221549524710.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048505/; classtype:trojan-activity;sid:83911605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.27.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048465/; classtype:trojan-activity;sid:83911565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.46.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048464/; classtype:trojan-activity;sid:83911564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.87.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048463/; classtype:trojan-activity;sid:83911563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.191.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048462/; classtype:trojan-activity;sid:83911562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.221.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048461/; classtype:trojan-activity;sid:83911561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.52.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048460/; classtype:trojan-activity;sid:83911560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.174.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048459/; classtype:trojan-activity;sid:83911559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048458/; classtype:trojan-activity;sid:83911558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.135.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048457/; classtype:trojan-activity;sid:83911557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048456/; classtype:trojan-activity;sid:83911556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.71.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048455/; classtype:trojan-activity;sid:83911555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.89.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048454/; classtype:trojan-activity;sid:83911554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.169.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048453/; classtype:trojan-activity;sid:83911553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.183.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048452/; classtype:trojan-activity;sid:83911552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048451/; classtype:trojan-activity;sid:83911551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.16.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048450/; classtype:trojan-activity;sid:83911550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.129.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048449/; classtype:trojan-activity;sid:83911549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.84.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048448/; classtype:trojan-activity;sid:83911548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048447/; classtype:trojan-activity;sid:83911547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.103.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048446/; classtype:trojan-activity;sid:83911546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.25.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048445/; classtype:trojan-activity;sid:83911545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.32.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048444/; classtype:trojan-activity;sid:83911544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.154.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048443/; classtype:trojan-activity;sid:83911543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.81.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048442/; classtype:trojan-activity;sid:83911542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048441)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/%e9%80%be%e6%9c%9f%e5%8f%91%e7%a5%a8%205453909172%20overdue%20invoice.rar"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"staresxports.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048441/; classtype:trojan-activity;sid:83911541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.191.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048440/; classtype:trojan-activity;sid:83911540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.36.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048439/; classtype:trojan-activity;sid:83911539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.43.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048438/; classtype:trojan-activity;sid:83911538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.121.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048436/; classtype:trojan-activity;sid:83911536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048437/; classtype:trojan-activity;sid:83911537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.248.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048435/; classtype:trojan-activity;sid:83911535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.220.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048434/; classtype:trojan-activity;sid:83911534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.45.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048433/; classtype:trojan-activity;sid:83911533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.50.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048432/; classtype:trojan-activity;sid:83911532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.42.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048431/; classtype:trojan-activity;sid:83911531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048429/; classtype:trojan-activity;sid:83911529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048430/; classtype:trojan-activity;sid:83911530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.221.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048428/; classtype:trojan-activity;sid:83911528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048426)"; flow:established,from_client; content:"GET"; http_method; content:"/cbin.doc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hikplc.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048426/; classtype:trojan-activity;sid:83911526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.20.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048427/; classtype:trojan-activity;sid:83911527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048425/; classtype:trojan-activity;sid:83911525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.52.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048424/; classtype:trojan-activity;sid:83911524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048423/; classtype:trojan-activity;sid:83911523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.246.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048422/; classtype:trojan-activity;sid:83911522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048421)"; flow:established,from_client; content:"GET"; http_method; content:"/cbin.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hikplc.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048421/; classtype:trojan-activity;sid:83911521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048420/; classtype:trojan-activity;sid:83911520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048419/; classtype:trojan-activity;sid:83911519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048418/; classtype:trojan-activity;sid:83911518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.203.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048417/; classtype:trojan-activity;sid:83911517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.106.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048415/; classtype:trojan-activity;sid:83911515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048416/; classtype:trojan-activity;sid:83911516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048414/; classtype:trojan-activity;sid:83911514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048413)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.116.9.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048413/; classtype:trojan-activity;sid:83911513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.120.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048412/; classtype:trojan-activity;sid:83911512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.25.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048411/; classtype:trojan-activity;sid:83911511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.81.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048410/; classtype:trojan-activity;sid:83911510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048409/; classtype:trojan-activity;sid:83911509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.88.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048408/; classtype:trojan-activity;sid:83911508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.169.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048407/; classtype:trojan-activity;sid:83911507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.65.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048406/; classtype:trojan-activity;sid:83911506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.248.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048405/; classtype:trojan-activity;sid:83911505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.224.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048403/; classtype:trojan-activity;sid:83911503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.32.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048404/; classtype:trojan-activity;sid:83911504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048402/; classtype:trojan-activity;sid:83911502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.65.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048400/; classtype:trojan-activity;sid:83911500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.214.230.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048401/; classtype:trojan-activity;sid:83911501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.84.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048399/; classtype:trojan-activity;sid:83911499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.184.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048398/; classtype:trojan-activity;sid:83911498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.243.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048397/; classtype:trojan-activity;sid:83911497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.59.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048396/; classtype:trojan-activity;sid:83911496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048395/; classtype:trojan-activity;sid:83911495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048394/; classtype:trojan-activity;sid:83911494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048393/; classtype:trojan-activity;sid:83911493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.68.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048392/; classtype:trojan-activity;sid:83911492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.20.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048390/; classtype:trojan-activity;sid:83911490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048391)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/6697dafdd90a3_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048391/; classtype:trojan-activity;sid:83911491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048389/; classtype:trojan-activity;sid:83911489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.129.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048388/; classtype:trojan-activity;sid:83911488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.106.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048387/; classtype:trojan-activity;sid:83911487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.93.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048386/; classtype:trojan-activity;sid:83911486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.28.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048385/; classtype:trojan-activity;sid:83911485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.23.216.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048384/; classtype:trojan-activity;sid:83911484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048383/; classtype:trojan-activity;sid:83911483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.68.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048382/; classtype:trojan-activity;sid:83911482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.209.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048381/; classtype:trojan-activity;sid:83911481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.203.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048379/; classtype:trojan-activity;sid:83911479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.224.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048380/; classtype:trojan-activity;sid:83911480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.90.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048378/; classtype:trojan-activity;sid:83911478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.134.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048377/; classtype:trojan-activity;sid:83911477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.34.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048375/; classtype:trojan-activity;sid:83911475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.111.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048376/; classtype:trojan-activity;sid:83911476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.169.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048374/; classtype:trojan-activity;sid:83911474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.175.161.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048373/; classtype:trojan-activity;sid:83911473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.65.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048371/; classtype:trojan-activity;sid:83911471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.8.89"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048372/; classtype:trojan-activity;sid:83911472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.18.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048370/; classtype:trojan-activity;sid:83911470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.65.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048369/; classtype:trojan-activity;sid:83911469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.84.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048368/; classtype:trojan-activity;sid:83911468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.89.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048367/; classtype:trojan-activity;sid:83911467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.142.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048366/; classtype:trojan-activity;sid:83911466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.179.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048364/; classtype:trojan-activity;sid:83911464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.250.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048365/; classtype:trojan-activity;sid:83911465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.68.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048363/; classtype:trojan-activity;sid:83911463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048362/; classtype:trojan-activity;sid:83911462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.84.85.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048361/; classtype:trojan-activity;sid:83911461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048360/; classtype:trojan-activity;sid:83911460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.8.89"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048359/; classtype:trojan-activity;sid:83911459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.148.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048358/; classtype:trojan-activity;sid:83911458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.41.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048357/; classtype:trojan-activity;sid:83911457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048356/; classtype:trojan-activity;sid:83911456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.230.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048355/; classtype:trojan-activity;sid:83911455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.29.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048354/; classtype:trojan-activity;sid:83911454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.90.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048353/; classtype:trojan-activity;sid:83911453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.134.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048352/; classtype:trojan-activity;sid:83911452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.175.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048351/; classtype:trojan-activity;sid:83911451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048350/; classtype:trojan-activity;sid:83911450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.71.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048349/; classtype:trojan-activity;sid:83911449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.151.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048348/; classtype:trojan-activity;sid:83911448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.12.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048347/; classtype:trojan-activity;sid:83911447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048346/; classtype:trojan-activity;sid:83911446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048345/; classtype:trojan-activity;sid:83911445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.7.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048344/; classtype:trojan-activity;sid:83911444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048337)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048337/; classtype:trojan-activity;sid:83911437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048338)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048338/; classtype:trojan-activity;sid:83911438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048339)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048339/; classtype:trojan-activity;sid:83911439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048340)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048340/; classtype:trojan-activity;sid:83911440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048341)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048341/; classtype:trojan-activity;sid:83911441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048342)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048342/; classtype:trojan-activity;sid:83911442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048343)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048343/; classtype:trojan-activity;sid:83911443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.92.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048335/; classtype:trojan-activity;sid:83911435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.124.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048336/; classtype:trojan-activity;sid:83911436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.6.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048334/; classtype:trojan-activity;sid:83911434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.84.85.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048333/; classtype:trojan-activity;sid:83911433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048332/; classtype:trojan-activity;sid:83911432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048331/; classtype:trojan-activity;sid:83911431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.41.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048330/; classtype:trojan-activity;sid:83911430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048329)"; flow:established,from_client; content:"GET"; http_method; content:"/3144435225931.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048329/; classtype:trojan-activity;sid:83911429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.47.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048328/; classtype:trojan-activity;sid:83911428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.148.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048327/; classtype:trojan-activity;sid:83911427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.85.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048326/; classtype:trojan-activity;sid:83911426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.141.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048325/; classtype:trojan-activity;sid:83911425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048324/; classtype:trojan-activity;sid:83911424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048323/; classtype:trojan-activity;sid:83911423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.105.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048322/; classtype:trojan-activity;sid:83911422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.147.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048321/; classtype:trojan-activity;sid:83911421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.225.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048320/; classtype:trojan-activity;sid:83911420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.227.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048319/; classtype:trojan-activity;sid:83911419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048317/; classtype:trojan-activity;sid:83911417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.178.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048318/; classtype:trojan-activity;sid:83911418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.197.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048315/; classtype:trojan-activity;sid:83911415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.219.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048316/; classtype:trojan-activity;sid:83911416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.38.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048314/; classtype:trojan-activity;sid:83911414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.124.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048313/; classtype:trojan-activity;sid:83911413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048312/; classtype:trojan-activity;sid:83911412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.86.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048311/; classtype:trojan-activity;sid:83911411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.84.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048310/; classtype:trojan-activity;sid:83911410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.76.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048309/; classtype:trojan-activity;sid:83911409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.246.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048308/; classtype:trojan-activity;sid:83911408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.164.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048307/; classtype:trojan-activity;sid:83911407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.231.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048306/; classtype:trojan-activity;sid:83911406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.15.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048305/; classtype:trojan-activity;sid:83911405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.105.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048304/; classtype:trojan-activity;sid:83911404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.56.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048302/; classtype:trojan-activity;sid:83911402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.121.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048303/; classtype:trojan-activity;sid:83911403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.15.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048301/; classtype:trojan-activity;sid:83911401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048300/; classtype:trojan-activity;sid:83911400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.82.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048299/; classtype:trojan-activity;sid:83911399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.218.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048298/; classtype:trojan-activity;sid:83911398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.164.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048297/; classtype:trojan-activity;sid:83911397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.91.207.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048296/; classtype:trojan-activity;sid:83911396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.233.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048295/; classtype:trojan-activity;sid:83911395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.167.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048294/; classtype:trojan-activity;sid:83911394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.79.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048293/; classtype:trojan-activity;sid:83911393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.75.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048292/; classtype:trojan-activity;sid:83911392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048291/; classtype:trojan-activity;sid:83911391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048290/; classtype:trojan-activity;sid:83911390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.146.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048289/; classtype:trojan-activity;sid:83911389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.25.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048288/; classtype:trojan-activity;sid:83911388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.197.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048287/; classtype:trojan-activity;sid:83911387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.117.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048286/; classtype:trojan-activity;sid:83911386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.68.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048285/; classtype:trojan-activity;sid:83911385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.103.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048284/; classtype:trojan-activity;sid:83911384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.176.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048283/; classtype:trojan-activity;sid:83911383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.92.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048282/; classtype:trojan-activity;sid:83911382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.56.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048281/; classtype:trojan-activity;sid:83911381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048280/; classtype:trojan-activity;sid:83911380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.138.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048279/; classtype:trojan-activity;sid:83911379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048278)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/33per.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"oakgrovetraining.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048278/; classtype:trojan-activity;sid:83911378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048277)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/data.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"luxurycaborental.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048277/; classtype:trojan-activity;sid:83911377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048276)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/33per.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"oakgrovetraining.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048276/; classtype:trojan-activity;sid:83911376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048275)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/data.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"luxurycaborental.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048275/; classtype:trojan-activity;sid:83911375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.23.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048274/; classtype:trojan-activity;sid:83911374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.175.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048273/; classtype:trojan-activity;sid:83911373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048272/; classtype:trojan-activity;sid:83911372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.237.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048271/; classtype:trojan-activity;sid:83911371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048270/; classtype:trojan-activity;sid:83911370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.129.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048269/; classtype:trojan-activity;sid:83911369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048268/; classtype:trojan-activity;sid:83911368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048267/; classtype:trojan-activity;sid:83911367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.124.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048265/; classtype:trojan-activity;sid:83911365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048266/; classtype:trojan-activity;sid:83911366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048264/; classtype:trojan-activity;sid:83911364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048263/; classtype:trojan-activity;sid:83911363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.25.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048262/; classtype:trojan-activity;sid:83911362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.167.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048261/; classtype:trojan-activity;sid:83911361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.178.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048260/; classtype:trojan-activity;sid:83911360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.6.134.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048259/; classtype:trojan-activity;sid:83911359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048258/; classtype:trojan-activity;sid:83911358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.134.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048256/; classtype:trojan-activity;sid:83911356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048257/; classtype:trojan-activity;sid:83911357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048254)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/appmodedrivme.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.91.77.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048254/; classtype:trojan-activity;sid:83911354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048255)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/appmodedrivme.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.91.77.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048255/; classtype:trojan-activity;sid:83911355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.75.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048253/; classtype:trojan-activity;sid:83911353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.250.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048252/; classtype:trojan-activity;sid:83911352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.117.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048251/; classtype:trojan-activity;sid:83911351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048249/; classtype:trojan-activity;sid:83911349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.83.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048250/; classtype:trojan-activity;sid:83911350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.179.199.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048247/; classtype:trojan-activity;sid:83911347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.23.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048248/; classtype:trojan-activity;sid:83911348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048246/; classtype:trojan-activity;sid:83911346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.68.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048244/; classtype:trojan-activity;sid:83911344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.175.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048245/; classtype:trojan-activity;sid:83911345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.91.207.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048243/; classtype:trojan-activity;sid:83911343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.178.240.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048241/; classtype:trojan-activity;sid:83911341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.29.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048242/; classtype:trojan-activity;sid:83911342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048240/; classtype:trojan-activity;sid:83911340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.225.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048239/; classtype:trojan-activity;sid:83911339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.129.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048238/; classtype:trojan-activity;sid:83911338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048236/; classtype:trojan-activity;sid:83911336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048237/; classtype:trojan-activity;sid:83911337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048234/; classtype:trojan-activity;sid:83911334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048235/; classtype:trojan-activity;sid:83911335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048233/; classtype:trojan-activity;sid:83911333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.27.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048232/; classtype:trojan-activity;sid:83911332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.181.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048231/; classtype:trojan-activity;sid:83911331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.213.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048230/; classtype:trojan-activity;sid:83911330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.220.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048229/; classtype:trojan-activity;sid:83911329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.46.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048228/; classtype:trojan-activity;sid:83911328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048227/; classtype:trojan-activity;sid:83911327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048224/; classtype:trojan-activity;sid:83911324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.113.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048225/; classtype:trojan-activity;sid:83911325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.4.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048226/; classtype:trojan-activity;sid:83911326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048220/; classtype:trojan-activity;sid:83911320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.23.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048221/; classtype:trojan-activity;sid:83911321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.40.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048222/; classtype:trojan-activity;sid:83911322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048223/; classtype:trojan-activity;sid:83911323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048219/; classtype:trojan-activity;sid:83911319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.214.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048218/; classtype:trojan-activity;sid:83911318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.196.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048217/; classtype:trojan-activity;sid:83911317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.49.110.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048216/; classtype:trojan-activity;sid:83911316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048215/; classtype:trojan-activity;sid:83911315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.250.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048212/; classtype:trojan-activity;sid:83911312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048213/; classtype:trojan-activity;sid:83911313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.92.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048214/; classtype:trojan-activity;sid:83911314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.252.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048211/; classtype:trojan-activity;sid:83911311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048210)"; flow:established,from_client; content:"GET"; http_method; content:"/byslv28.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"novovisualcabeleireiros.com.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048210/; classtype:trojan-activity;sid:83911310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.52.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048209/; classtype:trojan-activity;sid:83911309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.228.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048208/; classtype:trojan-activity;sid:83911308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.120.132.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048207/; classtype:trojan-activity;sid:83911307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.153.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048206/; classtype:trojan-activity;sid:83911306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048205/; classtype:trojan-activity;sid:83911305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.161.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048204/; classtype:trojan-activity;sid:83911304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.218.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048203/; classtype:trojan-activity;sid:83911303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048202/; classtype:trojan-activity;sid:83911302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.157.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048201/; classtype:trojan-activity;sid:83911301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.110.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048200/; classtype:trojan-activity;sid:83911300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.208.180.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048199/; classtype:trojan-activity;sid:83911299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.83.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048197/; classtype:trojan-activity;sid:83911297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048196/; classtype:trojan-activity;sid:83911296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.127.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048194/; classtype:trojan-activity;sid:83911294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.76.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048192/; classtype:trojan-activity;sid:83911292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.60.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048193/; classtype:trojan-activity;sid:83911293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.59.30.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048191/; classtype:trojan-activity;sid:83911291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.233.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048190/; classtype:trojan-activity;sid:83911290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.60.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048189/; classtype:trojan-activity;sid:83911289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.84.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048188/; classtype:trojan-activity;sid:83911288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048186/; classtype:trojan-activity;sid:83911286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.245.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048187/; classtype:trojan-activity;sid:83911287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048185/; classtype:trojan-activity;sid:83911285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.75.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048184/; classtype:trojan-activity;sid:83911284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.205.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048183/; classtype:trojan-activity;sid:83911283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.236.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048182/; classtype:trojan-activity;sid:83911282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.26.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048181/; classtype:trojan-activity;sid:83911281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.26.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048180/; classtype:trojan-activity;sid:83911280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.15.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048179/; classtype:trojan-activity;sid:83911279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.33.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048178/; classtype:trojan-activity;sid:83911278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.94.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048176/; classtype:trojan-activity;sid:83911276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048177/; classtype:trojan-activity;sid:83911277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.45.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048172/; classtype:trojan-activity;sid:83911272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.60.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048173/; classtype:trojan-activity;sid:83911273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.250.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048174/; classtype:trojan-activity;sid:83911274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.188.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048175/; classtype:trojan-activity;sid:83911275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.252.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048171/; classtype:trojan-activity;sid:83911271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.11.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048169/; classtype:trojan-activity;sid:83911269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.62.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048170/; classtype:trojan-activity;sid:83911270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.122.61.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048168/; classtype:trojan-activity;sid:83911268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.251.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048167/; classtype:trojan-activity;sid:83911267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.60.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048166/; classtype:trojan-activity;sid:83911266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048165/; classtype:trojan-activity;sid:83911265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.161.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048164/; classtype:trojan-activity;sid:83911264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.13.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048163/; classtype:trojan-activity;sid:83911263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048161/; classtype:trojan-activity;sid:83911261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048162/; classtype:trojan-activity;sid:83911262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.92.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048160/; classtype:trojan-activity;sid:83911260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048158/; classtype:trojan-activity;sid:83911258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048159/; classtype:trojan-activity;sid:83911259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.52.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048157/; classtype:trojan-activity;sid:83911257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.151.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048156/; classtype:trojan-activity;sid:83911256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048155/; classtype:trojan-activity;sid:83911255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.171.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048154/; classtype:trojan-activity;sid:83911254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.137.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048153/; classtype:trojan-activity;sid:83911253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048152/; classtype:trojan-activity;sid:83911252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.92.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048151/; classtype:trojan-activity;sid:83911251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.110.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048150/; classtype:trojan-activity;sid:83911250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.45.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048149/; classtype:trojan-activity;sid:83911249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.127.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048148/; classtype:trojan-activity;sid:83911248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.40.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048147/; classtype:trojan-activity;sid:83911247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.85.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048146/; classtype:trojan-activity;sid:83911246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048139)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048139/; classtype:trojan-activity;sid:83911239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048140)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048140/; classtype:trojan-activity;sid:83911240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048141)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048141/; classtype:trojan-activity;sid:83911241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048142)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048142/; classtype:trojan-activity;sid:83911242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048143)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048143/; classtype:trojan-activity;sid:83911243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048144)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048144/; classtype:trojan-activity;sid:83911244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048145)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048145/; classtype:trojan-activity;sid:83911245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048136)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048136/; classtype:trojan-activity;sid:83911236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048137)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048137/; classtype:trojan-activity;sid:83911237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048138)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.162.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048138/; classtype:trojan-activity;sid:83911238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048135/; classtype:trojan-activity;sid:83911235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.165.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048134/; classtype:trojan-activity;sid:83911234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.75.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048133/; classtype:trojan-activity;sid:83911233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.205.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048132/; classtype:trojan-activity;sid:83911232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048131/; classtype:trojan-activity;sid:83911231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.163.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048130/; classtype:trojan-activity;sid:83911230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048129/; classtype:trojan-activity;sid:83911229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.39.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048128/; classtype:trojan-activity;sid:83911228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048127/; classtype:trojan-activity;sid:83911227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.143.155.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048126/; classtype:trojan-activity;sid:83911226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.99.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048125/; classtype:trojan-activity;sid:83911225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.177.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048124/; classtype:trojan-activity;sid:83911224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.151.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048123/; classtype:trojan-activity;sid:83911223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.180.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048122/; classtype:trojan-activity;sid:83911222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.171.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048121/; classtype:trojan-activity;sid:83911221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.220.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048120/; classtype:trojan-activity;sid:83911220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048119/; classtype:trojan-activity;sid:83911219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.228.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048117/; classtype:trojan-activity;sid:83911217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048118/; classtype:trojan-activity;sid:83911218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.85.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048116/; classtype:trojan-activity;sid:83911216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048115)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/java.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.238.203.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048115/; classtype:trojan-activity;sid:83911215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048114)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/66979ab41b05f_crypta.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048114/; classtype:trojan-activity;sid:83911214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.33.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048113/; classtype:trojan-activity;sid:83911213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.134.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048112/; classtype:trojan-activity;sid:83911212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.93.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048111/; classtype:trojan-activity;sid:83911211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.85.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048110/; classtype:trojan-activity;sid:83911210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.247.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048109/; classtype:trojan-activity;sid:83911209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.30.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048108/; classtype:trojan-activity;sid:83911208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.217.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048107/; classtype:trojan-activity;sid:83911207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.67.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048106/; classtype:trojan-activity;sid:83911206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048105/; classtype:trojan-activity;sid:83911205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.165.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048104/; classtype:trojan-activity;sid:83911204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.173.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048102/; classtype:trojan-activity;sid:83911202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.92.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048103/; classtype:trojan-activity;sid:83911203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.62.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048101/; classtype:trojan-activity;sid:83911201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.86.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048100/; classtype:trojan-activity;sid:83911200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.115.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048099/; classtype:trojan-activity;sid:83911199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.214.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048098/; classtype:trojan-activity;sid:83911198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.111.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048097/; classtype:trojan-activity;sid:83911197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.198.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048096/; classtype:trojan-activity;sid:83911196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.20.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048095/; classtype:trojan-activity;sid:83911195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.40.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048094/; classtype:trojan-activity;sid:83911194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.180.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048092/; classtype:trojan-activity;sid:83911192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.247.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048093/; classtype:trojan-activity;sid:83911193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.81.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048091/; classtype:trojan-activity;sid:83911191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048090)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin2.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.231.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048090/; classtype:trojan-activity;sid:83911190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048089)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin1.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.231.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048089/; classtype:trojan-activity;sid:83911189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048086/; classtype:trojan-activity;sid:83911186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.228.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048087/; classtype:trojan-activity;sid:83911187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048088)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.231.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048088/; classtype:trojan-activity;sid:83911188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048085/; classtype:trojan-activity;sid:83911185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.144.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048084/; classtype:trojan-activity;sid:83911184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.144.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048083/; classtype:trojan-activity;sid:83911183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.73.186.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048081/; classtype:trojan-activity;sid:83911181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.107.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048082/; classtype:trojan-activity;sid:83911182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.7.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048080/; classtype:trojan-activity;sid:83911180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.113.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048079/; classtype:trojan-activity;sid:83911179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.183.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048078/; classtype:trojan-activity;sid:83911178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.219.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048077/; classtype:trojan-activity;sid:83911177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.92.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048076/; classtype:trojan-activity;sid:83911176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.193.204.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048075/; classtype:trojan-activity;sid:83911175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.224.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048074/; classtype:trojan-activity;sid:83911174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.173.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048073/; classtype:trojan-activity;sid:83911173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048072/; classtype:trojan-activity;sid:83911172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.62.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048071/; classtype:trojan-activity;sid:83911171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.170.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048070/; classtype:trojan-activity;sid:83911170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048069)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"148.135.81.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048069/; classtype:trojan-activity;sid:83911169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.129.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048068/; classtype:trojan-activity;sid:83911168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.162.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048067/; classtype:trojan-activity;sid:83911167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.94.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048066/; classtype:trojan-activity;sid:83911166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.166.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048065/; classtype:trojan-activity;sid:83911165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.37.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048064/; classtype:trojan-activity;sid:83911164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.143.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048063/; classtype:trojan-activity;sid:83911163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048061/; classtype:trojan-activity;sid:83911161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.160.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048062/; classtype:trojan-activity;sid:83911162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048060)"; flow:established,from_client; content:"GET"; http_method; content:"/lopsa/66967d2323cae_cry.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048060/; classtype:trojan-activity;sid:83911160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.76.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048059/; classtype:trojan-activity;sid:83911159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.135.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048058/; classtype:trojan-activity;sid:83911158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.81.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048057/; classtype:trojan-activity;sid:83911157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.247.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048055/; classtype:trojan-activity;sid:83911155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.217.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048056/; classtype:trojan-activity;sid:83911156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048054/; classtype:trojan-activity;sid:83911154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.173.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048053/; classtype:trojan-activity;sid:83911153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.214.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048052/; classtype:trojan-activity;sid:83911152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.85.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048051/; classtype:trojan-activity;sid:83911151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.7.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048050/; classtype:trojan-activity;sid:83911150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.240.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048049/; classtype:trojan-activity;sid:83911149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048048/; classtype:trojan-activity;sid:83911148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.25.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048047/; classtype:trojan-activity;sid:83911147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.14.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048046/; classtype:trojan-activity;sid:83911146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.234.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048045/; classtype:trojan-activity;sid:83911145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.242.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048043/; classtype:trojan-activity;sid:83911143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.128.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048044/; classtype:trojan-activity;sid:83911144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.65.179"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048042/; classtype:trojan-activity;sid:83911142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.59.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048041/; classtype:trojan-activity;sid:83911141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.6.134.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048039/; classtype:trojan-activity;sid:83911139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.148.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048040/; classtype:trojan-activity;sid:83911140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.221.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048038/; classtype:trojan-activity;sid:83911138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048037/; classtype:trojan-activity;sid:83911137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.163.240.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048036/; classtype:trojan-activity;sid:83911136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.129.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048035/; classtype:trojan-activity;sid:83911135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.175.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048032/; classtype:trojan-activity;sid:83911132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.236.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048033/; classtype:trojan-activity;sid:83911133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.170.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048034/; classtype:trojan-activity;sid:83911134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048031/; classtype:trojan-activity;sid:83911131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.170.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048030/; classtype:trojan-activity;sid:83911130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.105.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048029/; classtype:trojan-activity;sid:83911129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.23.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048027/; classtype:trojan-activity;sid:83911127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.30.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048028/; classtype:trojan-activity;sid:83911128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.28.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048026/; classtype:trojan-activity;sid:83911126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.20.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048025/; classtype:trojan-activity;sid:83911125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.80.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048024/; classtype:trojan-activity;sid:83911124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.149.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048023/; classtype:trojan-activity;sid:83911123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048022/; classtype:trojan-activity;sid:83911122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.40.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048021/; classtype:trojan-activity;sid:83911121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048020/; classtype:trojan-activity;sid:83911120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.234.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048019/; classtype:trojan-activity;sid:83911119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.20.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048018/; classtype:trojan-activity;sid:83911118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.137.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048017/; classtype:trojan-activity;sid:83911117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.28.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048016/; classtype:trojan-activity;sid:83911116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.83.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048014/; classtype:trojan-activity;sid:83911114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.28.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048015/; classtype:trojan-activity;sid:83911115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.128.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048013/; classtype:trojan-activity;sid:83911113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048012/; classtype:trojan-activity;sid:83911112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048011/; classtype:trojan-activity;sid:83911111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048010)"; flow:established,from_client; content:"GET"; http_method; content:"/196371523423251.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.9.74.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048010/; classtype:trojan-activity;sid:83911110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048007)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/66968b7e12e95_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048007/; classtype:trojan-activity;sid:83911107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.160.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048008/; classtype:trojan-activity;sid:83911108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.94.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048009/; classtype:trojan-activity;sid:83911109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048006/; classtype:trojan-activity;sid:83911106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.242.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048004/; classtype:trojan-activity;sid:83911104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048005/; classtype:trojan-activity;sid:83911105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.221.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048003/; classtype:trojan-activity;sid:83911103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.47.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048002/; classtype:trojan-activity;sid:83911102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048001/; classtype:trojan-activity;sid:83911101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3048000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3048000/; classtype:trojan-activity;sid:83911100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.125.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047999/; classtype:trojan-activity;sid:83911099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047998/; classtype:trojan-activity;sid:83911098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.203.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047997/; classtype:trojan-activity;sid:83911097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.101.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047996/; classtype:trojan-activity;sid:83911096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.170.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047995/; classtype:trojan-activity;sid:83911095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047994/; classtype:trojan-activity;sid:83911094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.221.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047993/; classtype:trojan-activity;sid:83911093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.139.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047992/; classtype:trojan-activity;sid:83911092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.159.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047990/; classtype:trojan-activity;sid:83911090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.169.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047991/; classtype:trojan-activity;sid:83911091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.67.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047989/; classtype:trojan-activity;sid:83911089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.47.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047988/; classtype:trojan-activity;sid:83911088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.80.196.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047986/; classtype:trojan-activity;sid:83911086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.92.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047987/; classtype:trojan-activity;sid:83911087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047985/; classtype:trojan-activity;sid:83911085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047984)"; flow:established,from_client; content:"GET"; http_method; content:"/60960/zhr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.161.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047984/; classtype:trojan-activity;sid:83911084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.38.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047983/; classtype:trojan-activity;sid:83911083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.243.200.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047981/; classtype:trojan-activity;sid:83911081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.243.200.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047982/; classtype:trojan-activity;sid:83911082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.163.240.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047980/; classtype:trojan-activity;sid:83911080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.164.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047979/; classtype:trojan-activity;sid:83911079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.149.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047977/; classtype:trojan-activity;sid:83911077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047978/; classtype:trojan-activity;sid:83911078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047975/; classtype:trojan-activity;sid:83911075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.224.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047976/; classtype:trojan-activity;sid:83911076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047973)"; flow:established,from_client; content:"GET"; http_method; content:"/nell.doc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heinltd.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047973/; classtype:trojan-activity;sid:83911073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047974)"; flow:established,from_client; content:"GET"; http_method; content:"/nell.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heinltd.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047974/; classtype:trojan-activity;sid:83911074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047972)"; flow:established,from_client; content:"GET"; http_method; content:"/doc851967711_679433735|3f|hash=sypyhozjltexyaevcbzy96vpuuemdvzcgg8zqdqpc50|7c|26|7c|dl=zpvxhyqhgq1gzjeu9g4olkxfskny2rqalrkgkz7nrc0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047972/; classtype:trojan-activity;sid:83911072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.88.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047970/; classtype:trojan-activity;sid:83911070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047971/; classtype:trojan-activity;sid:83911071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.28.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047969/; classtype:trojan-activity;sid:83911069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.251.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047967/; classtype:trojan-activity;sid:83911067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047968)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.12.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047968/; classtype:trojan-activity;sid:83911068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.242.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047966/; classtype:trojan-activity;sid:83911066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047965/; classtype:trojan-activity;sid:83911065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.229.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047964/; classtype:trojan-activity;sid:83911064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.51.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047962/; classtype:trojan-activity;sid:83911062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047963/; classtype:trojan-activity;sid:83911063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.225.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047961/; classtype:trojan-activity;sid:83911061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.138.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047960/; classtype:trojan-activity;sid:83911060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.22.242.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047959/; classtype:trojan-activity;sid:83911059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.123.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047958/; classtype:trojan-activity;sid:83911058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.47.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047957/; classtype:trojan-activity;sid:83911057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.17.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047956/; classtype:trojan-activity;sid:83911056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.91.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047955/; classtype:trojan-activity;sid:83911055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047954/; classtype:trojan-activity;sid:83911054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047953/; classtype:trojan-activity;sid:83911053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.101.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047952/; classtype:trojan-activity;sid:83911052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.229.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047951/; classtype:trojan-activity;sid:83911051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.92.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047950/; classtype:trojan-activity;sid:83911050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.48.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047949/; classtype:trojan-activity;sid:83911049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047948/; classtype:trojan-activity;sid:83911048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.252.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047946/; classtype:trojan-activity;sid:83911046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.149.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047947/; classtype:trojan-activity;sid:83911047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047945/; classtype:trojan-activity;sid:83911045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.125.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047944/; classtype:trojan-activity;sid:83911044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.67.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047943/; classtype:trojan-activity;sid:83911043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.18.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047942/; classtype:trojan-activity;sid:83911042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047941/; classtype:trojan-activity;sid:83911041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047940/; classtype:trojan-activity;sid:83911040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.227.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047939/; classtype:trojan-activity;sid:83911039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.17.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047938/; classtype:trojan-activity;sid:83911038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047937/; classtype:trojan-activity;sid:83911037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047936/; classtype:trojan-activity;sid:83911036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.148.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047935/; classtype:trojan-activity;sid:83911035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047934/; classtype:trojan-activity;sid:83911034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.165.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047933/; classtype:trojan-activity;sid:83911033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.66.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047929/; classtype:trojan-activity;sid:83911029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047930/; classtype:trojan-activity;sid:83911030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.225.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047931/; classtype:trojan-activity;sid:83911031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.179.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047932/; classtype:trojan-activity;sid:83911032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047928/; classtype:trojan-activity;sid:83911028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.191.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047927/; classtype:trojan-activity;sid:83911027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.74.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047926/; classtype:trojan-activity;sid:83911026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.40.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047925/; classtype:trojan-activity;sid:83911025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.11.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047924/; classtype:trojan-activity;sid:83911024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047922/; classtype:trojan-activity;sid:83911022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.29.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047923/; classtype:trojan-activity;sid:83911023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.201.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047920/; classtype:trojan-activity;sid:83911020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.22.242.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047921/; classtype:trojan-activity;sid:83911021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.224.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047919/; classtype:trojan-activity;sid:83911019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.196.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047917/; classtype:trojan-activity;sid:83911017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.190.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047918/; classtype:trojan-activity;sid:83911018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.138.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047916/; classtype:trojan-activity;sid:83911016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.115.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047915/; classtype:trojan-activity;sid:83911015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.241.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047913/; classtype:trojan-activity;sid:83911013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047914/; classtype:trojan-activity;sid:83911014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.251.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047912/; classtype:trojan-activity;sid:83911012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.219.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047911/; classtype:trojan-activity;sid:83911011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047910/; classtype:trojan-activity;sid:83911010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.252.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047908/; classtype:trojan-activity;sid:83911008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.168.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047909/; classtype:trojan-activity;sid:83911009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.224.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047907/; classtype:trojan-activity;sid:83911007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047906/; classtype:trojan-activity;sid:83911006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.135.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047905/; classtype:trojan-activity;sid:83911005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.184.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047904/; classtype:trojan-activity;sid:83911004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.201.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047903/; classtype:trojan-activity;sid:83911003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047901/; classtype:trojan-activity;sid:83911001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.48.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047902/; classtype:trojan-activity;sid:83911002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.115.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047900/; classtype:trojan-activity;sid:83911000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.243.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047899/; classtype:trojan-activity;sid:83910999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.219.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047898/; classtype:trojan-activity;sid:83910998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.88.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047897/; classtype:trojan-activity;sid:83910997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.43.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047896/; classtype:trojan-activity;sid:83910996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.191.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047895/; classtype:trojan-activity;sid:83910995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.74.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047894/; classtype:trojan-activity;sid:83910994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.136.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047893/; classtype:trojan-activity;sid:83910993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.140.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047890/; classtype:trojan-activity;sid:83910990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.29.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047891/; classtype:trojan-activity;sid:83910991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.99.232.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047892/; classtype:trojan-activity;sid:83910992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.149.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047889/; classtype:trojan-activity;sid:83910989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047888/; classtype:trojan-activity;sid:83910988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.241.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047887/; classtype:trojan-activity;sid:83910987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.184.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047886/; classtype:trojan-activity;sid:83910986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.222.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047885/; classtype:trojan-activity;sid:83910985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047884/; classtype:trojan-activity;sid:83910984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.146.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047883/; classtype:trojan-activity;sid:83910983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.4.18.220"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047881/; classtype:trojan-activity;sid:83910981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047882/; classtype:trojan-activity;sid:83910982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047880/; classtype:trojan-activity;sid:83910980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.232.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047878/; classtype:trojan-activity;sid:83910978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.171.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047879/; classtype:trojan-activity;sid:83910979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.12.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047877/; classtype:trojan-activity;sid:83910977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.20.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047875/; classtype:trojan-activity;sid:83910975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.247.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047876/; classtype:trojan-activity;sid:83910976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047874/; classtype:trojan-activity;sid:83910974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047873/; classtype:trojan-activity;sid:83910973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047872/; classtype:trojan-activity;sid:83910972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.179.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047870/; classtype:trojan-activity;sid:83910970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.97.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047871/; classtype:trojan-activity;sid:83910971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047869/; classtype:trojan-activity;sid:83910969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.135.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047867/; classtype:trojan-activity;sid:83910967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.92.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047868/; classtype:trojan-activity;sid:83910968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.238.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047866/; classtype:trojan-activity;sid:83910966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047865/; classtype:trojan-activity;sid:83910965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.160.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047864/; classtype:trojan-activity;sid:83910964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.38.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047863/; classtype:trojan-activity;sid:83910963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.94.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047862/; classtype:trojan-activity;sid:83910962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.43.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047861/; classtype:trojan-activity;sid:83910961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.235.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047860/; classtype:trojan-activity;sid:83910960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.52.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047859/; classtype:trojan-activity;sid:83910959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047857/; classtype:trojan-activity;sid:83910957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.233.46.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047858/; classtype:trojan-activity;sid:83910958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.230.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047855/; classtype:trojan-activity;sid:83910955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047856/; classtype:trojan-activity;sid:83910956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.249.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047854/; classtype:trojan-activity;sid:83910954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.142.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047853/; classtype:trojan-activity;sid:83910953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.232.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047852/; classtype:trojan-activity;sid:83910952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.140.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047851/; classtype:trojan-activity;sid:83910951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.238.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047850/; classtype:trojan-activity;sid:83910950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047849/; classtype:trojan-activity;sid:83910949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047848/; classtype:trojan-activity;sid:83910948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.167.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047847/; classtype:trojan-activity;sid:83910947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.128.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047846/; classtype:trojan-activity;sid:83910946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.4.18.220"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047845/; classtype:trojan-activity;sid:83910945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.7.121.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047844/; classtype:trojan-activity;sid:83910944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.17.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047843/; classtype:trojan-activity;sid:83910943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.233.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047842/; classtype:trojan-activity;sid:83910942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.20.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047841/; classtype:trojan-activity;sid:83910941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047840/; classtype:trojan-activity;sid:83910940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.247.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047839/; classtype:trojan-activity;sid:83910939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.160.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047838/; classtype:trojan-activity;sid:83910938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.175.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047836/; classtype:trojan-activity;sid:83910936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.55.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047837/; classtype:trojan-activity;sid:83910937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.221.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047835/; classtype:trojan-activity;sid:83910935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.196.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047834/; classtype:trojan-activity;sid:83910934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.80.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047833/; classtype:trojan-activity;sid:83910933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.46.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047831/; classtype:trojan-activity;sid:83910931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.249.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047832/; classtype:trojan-activity;sid:83910932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.224.75.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047830/; classtype:trojan-activity;sid:83910930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.61.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047829/; classtype:trojan-activity;sid:83910929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.89.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047828/; classtype:trojan-activity;sid:83910928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.193.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047827/; classtype:trojan-activity;sid:83910927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.12.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047826/; classtype:trojan-activity;sid:83910926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.176.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047825/; classtype:trojan-activity;sid:83910925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.102.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047824/; classtype:trojan-activity;sid:83910924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.93.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047823/; classtype:trojan-activity;sid:83910923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.243.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047822/; classtype:trojan-activity;sid:83910922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.238.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047821/; classtype:trojan-activity;sid:83910921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.83.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047816/; classtype:trojan-activity;sid:83910916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.196.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047817/; classtype:trojan-activity;sid:83910917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047818)"; flow:established,from_client; content:"GET"; http_method; content:"/60960/greatlionloveroseentierworldlover.gif"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"103.161.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047818/; classtype:trojan-activity;sid:83910918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047819)"; flow:established,from_client; content:"GET"; http_method; content:"/loud.doc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heinltd.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047819/; classtype:trojan-activity;sid:83910919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047820)"; flow:established,from_client; content:"GET"; http_method; content:"/60960/bh/bh..x.x.xbh.....x.x.x.xbhbh.doc"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"103.161.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047820/; classtype:trojan-activity;sid:83910920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047815)"; flow:established,from_client; content:"GET"; http_method; content:"/loud.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heinltd.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047815/; classtype:trojan-activity;sid:83910915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.214.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047814/; classtype:trojan-activity;sid:83910914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.160.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047813/; classtype:trojan-activity;sid:83910913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.171.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047812/; classtype:trojan-activity;sid:83910912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.232.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047811/; classtype:trojan-activity;sid:83910911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047810)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669662d10259b_file150724.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047810/; classtype:trojan-activity;sid:83910910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.183.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047809/; classtype:trojan-activity;sid:83910909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.205.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047808/; classtype:trojan-activity;sid:83910908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047807/; classtype:trojan-activity;sid:83910907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.196.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047806/; classtype:trojan-activity;sid:83910906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.43.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047805/; classtype:trojan-activity;sid:83910905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.173.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047804/; classtype:trojan-activity;sid:83910904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.225.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047803/; classtype:trojan-activity;sid:83910903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.58.37.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047802/; classtype:trojan-activity;sid:83910902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.175.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047801/; classtype:trojan-activity;sid:83910901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.147.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047800/; classtype:trojan-activity;sid:83910900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047799)"; flow:established,from_client; content:"GET"; http_method; content:"/fbgzu156.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.251.122.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047799/; classtype:trojan-activity;sid:83910899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047798)"; flow:established,from_client; content:"GET"; http_method; content:"/tadxlfbdnd151.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.251.122.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047798/; classtype:trojan-activity;sid:83910898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047796/; classtype:trojan-activity;sid:83910896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047797)"; flow:established,from_client; content:"GET"; http_method; content:"/szyzx148.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.251.122.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047797/; classtype:trojan-activity;sid:83910897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.61.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047795/; classtype:trojan-activity;sid:83910895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.38.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047794/; classtype:trojan-activity;sid:83910894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.102.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047793/; classtype:trojan-activity;sid:83910893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.55.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047792/; classtype:trojan-activity;sid:83910892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.232.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047791/; classtype:trojan-activity;sid:83910891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047790/; classtype:trojan-activity;sid:83910890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.84.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047789/; classtype:trojan-activity;sid:83910889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047788/; classtype:trojan-activity;sid:83910888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.65.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047787/; classtype:trojan-activity;sid:83910887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.86.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047786/; classtype:trojan-activity;sid:83910886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047785/; classtype:trojan-activity;sid:83910885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.186.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047784/; classtype:trojan-activity;sid:83910884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.59.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047783/; classtype:trojan-activity;sid:83910883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.43.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047782/; classtype:trojan-activity;sid:83910882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.227.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047781/; classtype:trojan-activity;sid:83910881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.90.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047779/; classtype:trojan-activity;sid:83910879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.25.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047780/; classtype:trojan-activity;sid:83910880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.205.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047778/; classtype:trojan-activity;sid:83910878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.105.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047777/; classtype:trojan-activity;sid:83910877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.92.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047776/; classtype:trojan-activity;sid:83910876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047775)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047775/; classtype:trojan-activity;sid:83910875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.213.194.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047774/; classtype:trojan-activity;sid:83910874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.253.104.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047773/; classtype:trojan-activity;sid:83910873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047771)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.124.105.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047771/; classtype:trojan-activity;sid:83910871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047772)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.240.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047772/; classtype:trojan-activity;sid:83910872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047770)"; flow:established,from_client; content:"GET"; http_method; content:"/winmod.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"quewex.serv00.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047770/; classtype:trojan-activity;sid:83910870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.49.110.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047766/; classtype:trojan-activity;sid:83910866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.197.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047767/; classtype:trojan-activity;sid:83910867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.0.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047768/; classtype:trojan-activity;sid:83910868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047769)"; flow:established,from_client; content:"GET"; http_method; content:"/berduno.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xss.ls"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047769/; classtype:trojan-activity;sid:83910869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.251.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047764/; classtype:trojan-activity;sid:83910864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.90.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047765/; classtype:trojan-activity;sid:83910865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.4.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047763/; classtype:trojan-activity;sid:83910863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.197.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047762/; classtype:trojan-activity;sid:83910862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.223.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047761/; classtype:trojan-activity;sid:83910861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.38.0.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047760/; classtype:trojan-activity;sid:83910860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.42.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047759/; classtype:trojan-activity;sid:83910859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047758)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669698e482bd9_finesoft.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047758/; classtype:trojan-activity;sid:83910858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047757)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/6696629242869_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047757/; classtype:trojan-activity;sid:83910857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047756)"; flow:established,from_client; content:"GET"; http_method; content:"/.n00b420/..vbuck.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.19.143.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047756/; classtype:trojan-activity;sid:83910856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047755)"; flow:established,from_client; content:"GET"; http_method; content:"/lopsa/66967d2323cae_cry.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047755/; classtype:trojan-activity;sid:83910855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047754)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/appmodedrivme.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.91.77.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047754/; classtype:trojan-activity;sid:83910854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047753)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/6696621cecc83_crypted.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047753/; classtype:trojan-activity;sid:83910853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.168.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047751/; classtype:trojan-activity;sid:83910851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047752/; classtype:trojan-activity;sid:83910852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.151.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047750/; classtype:trojan-activity;sid:83910850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.107.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047749/; classtype:trojan-activity;sid:83910849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047748/; classtype:trojan-activity;sid:83910848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.148.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047747/; classtype:trojan-activity;sid:83910847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.184.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047746/; classtype:trojan-activity;sid:83910846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.254.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047745/; classtype:trojan-activity;sid:83910845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.12.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047744/; classtype:trojan-activity;sid:83910844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047743)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mnqd.schedule.golfballnutz.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047743/; classtype:trojan-activity;sid:83910843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.195.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047742/; classtype:trojan-activity;sid:83910842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047741/; classtype:trojan-activity;sid:83910841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.148.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047740/; classtype:trojan-activity;sid:83910840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.164.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047739/; classtype:trojan-activity;sid:83910839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.1.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047738/; classtype:trojan-activity;sid:83910838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.83.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047737/; classtype:trojan-activity;sid:83910837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047736)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/669698e482bd9_finesoft.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"79.137.192.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047736/; classtype:trojan-activity;sid:83910836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.112.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047735/; classtype:trojan-activity;sid:83910835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047734/; classtype:trojan-activity;sid:83910834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.91.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047733/; classtype:trojan-activity;sid:83910833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.230.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047731/; classtype:trojan-activity;sid:83910831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047732/; classtype:trojan-activity;sid:83910832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.185.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047730/; classtype:trojan-activity;sid:83910830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.20.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047729/; classtype:trojan-activity;sid:83910829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.183.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047728/; classtype:trojan-activity;sid:83910828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.32.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047727/; classtype:trojan-activity;sid:83910827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.141.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047726/; classtype:trojan-activity;sid:83910826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.193.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047725/; classtype:trojan-activity;sid:83910825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.29.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047724/; classtype:trojan-activity;sid:83910824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.166.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047723/; classtype:trojan-activity;sid:83910823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.100.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047722/; classtype:trojan-activity;sid:83910822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.43.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047721/; classtype:trojan-activity;sid:83910821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.40.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047720/; classtype:trojan-activity;sid:83910820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.163.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047719/; classtype:trojan-activity;sid:83910819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.41.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047718/; classtype:trojan-activity;sid:83910818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047717/; classtype:trojan-activity;sid:83910817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047716/; classtype:trojan-activity;sid:83910816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047715/; classtype:trojan-activity;sid:83910815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.210.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047714/; classtype:trojan-activity;sid:83910814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.34.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047713/; classtype:trojan-activity;sid:83910813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.204.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047712/; classtype:trojan-activity;sid:83910812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.59.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047711/; classtype:trojan-activity;sid:83910811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.60.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047710/; classtype:trojan-activity;sid:83910810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.127.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047709/; classtype:trojan-activity;sid:83910809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.144.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047708/; classtype:trojan-activity;sid:83910808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.234.60.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047705/; classtype:trojan-activity;sid:83910805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.94.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047706/; classtype:trojan-activity;sid:83910806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047707/; classtype:trojan-activity;sid:83910807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.121.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047704/; classtype:trojan-activity;sid:83910804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.152.15.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047703/; classtype:trojan-activity;sid:83910803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.254.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047702/; classtype:trojan-activity;sid:83910802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.30.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047701/; classtype:trojan-activity;sid:83910801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047700/; classtype:trojan-activity;sid:83910800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.21.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047699/; classtype:trojan-activity;sid:83910799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.19.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047698/; classtype:trojan-activity;sid:83910798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.69.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_17; reference:url, urlhaus.abuse.ch/url/3047697/; classtype:trojan-activity;sid:83910797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.155.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047638/; classtype:trojan-activity;sid:83910738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.35.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047335/; classtype:trojan-activity;sid:83910435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047318/; classtype:trojan-activity;sid:83910418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.209.246.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047301/; classtype:trojan-activity;sid:83910401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.232.132.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047113/; classtype:trojan-activity;sid:83910213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047056)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047056/; classtype:trojan-activity;sid:83910156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047057)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047057/; classtype:trojan-activity;sid:83910157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047058)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047058/; classtype:trojan-activity;sid:83910158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047059)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047059/; classtype:trojan-activity;sid:83910159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047060)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047060/; classtype:trojan-activity;sid:83910160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047061)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047061/; classtype:trojan-activity;sid:83910161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047062)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047062/; classtype:trojan-activity;sid:83910162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.6.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047049/; classtype:trojan-activity;sid:83910149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047053)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047053/; classtype:trojan-activity;sid:83910153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047055)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047055/; classtype:trojan-activity;sid:83910155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047043)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047043/; classtype:trojan-activity;sid:83910143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3047046)"; flow:established,from_client; content:"GET"; http_method; content:"/drp/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3047046/; classtype:trojan-activity;sid:83910146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.244.234.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046998/; classtype:trojan-activity;sid:83910098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.88.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046980/; classtype:trojan-activity;sid:83910080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.101.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046969/; classtype:trojan-activity;sid:83910069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.205.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046949/; classtype:trojan-activity;sid:83910049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.102.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046881/; classtype:trojan-activity;sid:83909981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046871)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046871/; classtype:trojan-activity;sid:83909971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046872)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046872/; classtype:trojan-activity;sid:83909972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046865)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046865/; classtype:trojan-activity;sid:83909965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046866)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046866/; classtype:trojan-activity;sid:83909966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046867)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046867/; classtype:trojan-activity;sid:83909967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046861)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046861/; classtype:trojan-activity;sid:83909961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046794)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046794/; classtype:trojan-activity;sid:83909894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046773)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046773/; classtype:trojan-activity;sid:83909873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046753)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046753/; classtype:trojan-activity;sid:83909853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046705)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046705/; classtype:trojan-activity;sid:83909805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046702)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046702/; classtype:trojan-activity;sid:83909802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046651)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046651/; classtype:trojan-activity;sid:83909751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046559)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xvwttdidff3eukgariw1lyrdoqyisrvt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046559/; classtype:trojan-activity;sid:83909659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.251.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046557/; classtype:trojan-activity;sid:83909657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046527/; classtype:trojan-activity;sid:83909627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.61.176.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046477/; classtype:trojan-activity;sid:83909577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.88.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046425/; classtype:trojan-activity;sid:83909525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.242.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046314/; classtype:trojan-activity;sid:83909414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046280)"; flow:established,from_client; content:"GET"; http_method; content:"/evjrutwzcqip48.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"skbm.ba"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046280/; classtype:trojan-activity;sid:83909380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046279)"; flow:established,from_client; content:"GET"; http_method; content:"/evjrutwzcqip48.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"skbm.ba"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046279/; classtype:trojan-activity;sid:83909379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.242.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046278/; classtype:trojan-activity;sid:83909378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046243/; classtype:trojan-activity;sid:83909343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.101.248.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046183/; classtype:trojan-activity;sid:83909283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046074)"; flow:established,from_client; content:"GET"; http_method; content:"/tv.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.232.181.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046074/; classtype:trojan-activity;sid:83909174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046070)"; flow:established,from_client; content:"GET"; http_method; content:"/d3l.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"191.232.181.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046070/; classtype:trojan-activity;sid:83909170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046071)"; flow:established,from_client; content:"GET"; http_method; content:"/tv2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"191.232.181.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046071/; classtype:trojan-activity;sid:83909171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046072)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.232.181.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046072/; classtype:trojan-activity;sid:83909172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046073)"; flow:established,from_client; content:"GET"; http_method; content:"/peekaboo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"191.232.181.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046073/; classtype:trojan-activity;sid:83909173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046060)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046060/; classtype:trojan-activity;sid:83909160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3046000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.155.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3046000/; classtype:trojan-activity;sid:83909100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.228.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3045987/; classtype:trojan-activity;sid:83909087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.155.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_16; reference:url, urlhaus.abuse.ch/url/3045965/; classtype:trojan-activity;sid:83909065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045565/; classtype:trojan-activity;sid:83908665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045530)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045530/; classtype:trojan-activity;sid:83908630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045522)"; flow:established,from_client; content:"GET"; http_method; content:"//arm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045522/; classtype:trojan-activity;sid:83908622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045523)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045523/; classtype:trojan-activity;sid:83908623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045524)"; flow:established,from_client; content:"GET"; http_method; content:"//x86_64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045524/; classtype:trojan-activity;sid:83908624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045525)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045525/; classtype:trojan-activity;sid:83908625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045518)"; flow:established,from_client; content:"GET"; http_method; content:"//ppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045518/; classtype:trojan-activity;sid:83908618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045519/; classtype:trojan-activity;sid:83908619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045520)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045520/; classtype:trojan-activity;sid:83908620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045521)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045521/; classtype:trojan-activity;sid:83908621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045515)"; flow:established,from_client; content:"GET"; http_method; content:"//arm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045515/; classtype:trojan-activity;sid:83908615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045516)"; flow:established,from_client; content:"GET"; http_method; content:"//arm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045516/; classtype:trojan-activity;sid:83908616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045517)"; flow:established,from_client; content:"GET"; http_method; content:"//x86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045517/; classtype:trojan-activity;sid:83908617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045510)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045510/; classtype:trojan-activity;sid:83908610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045513/; classtype:trojan-activity;sid:83908613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045502)"; flow:established,from_client; content:"GET"; http_method; content:"//mpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045502/; classtype:trojan-activity;sid:83908602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045506)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045506/; classtype:trojan-activity;sid:83908606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045486)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045486/; classtype:trojan-activity;sid:83908586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045487)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045487/; classtype:trojan-activity;sid:83908587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045489/; classtype:trojan-activity;sid:83908589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045490)"; flow:established,from_client; content:"GET"; http_method; content:"//sh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045490/; classtype:trojan-activity;sid:83908590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045492)"; flow:established,from_client; content:"GET"; http_method; content:"//arm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045492/; classtype:trojan-activity;sid:83908592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045493)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045493/; classtype:trojan-activity;sid:83908593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045494)"; flow:established,from_client; content:"GET"; http_method; content:"//m68k"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045494/; classtype:trojan-activity;sid:83908594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045495)"; flow:established,from_client; content:"GET"; http_method; content:"//spc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045495/; classtype:trojan-activity;sid:83908595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045496)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045496/; classtype:trojan-activity;sid:83908596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045485/; classtype:trojan-activity;sid:83908585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045482/; classtype:trojan-activity;sid:83908582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045483/; classtype:trojan-activity;sid:83908583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045484/; classtype:trojan-activity;sid:83908584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045359)"; flow:established,from_client; content:"GET"; http_method; content:"/1/file.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hydewood.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045359/; classtype:trojan-activity;sid:83908459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045357)"; flow:established,from_client; content:"GET"; http_method; content:"/1/ttteee.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hydewood.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045357/; classtype:trojan-activity;sid:83908457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045358)"; flow:established,from_client; content:"GET"; http_method; content:"/1/ttteee.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hydewood.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045358/; classtype:trojan-activity;sid:83908458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045328)"; flow:established,from_client; content:"GET"; http_method; content:"/111.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.69.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045328/; classtype:trojan-activity;sid:83908428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045329)"; flow:established,from_client; content:"GET"; http_method; content:"/qidong.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.69.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045329/; classtype:trojan-activity;sid:83908429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045327)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.69.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045327/; classtype:trojan-activity;sid:83908427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045326)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045326/; classtype:trojan-activity;sid:83908426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045319)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045319/; classtype:trojan-activity;sid:83908419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045320)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045320/; classtype:trojan-activity;sid:83908420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045321)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045321/; classtype:trojan-activity;sid:83908421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045322)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045322/; classtype:trojan-activity;sid:83908422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045323)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045323/; classtype:trojan-activity;sid:83908423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045324)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045324/; classtype:trojan-activity;sid:83908424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045325)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045325/; classtype:trojan-activity;sid:83908425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045317)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045317/; classtype:trojan-activity;sid:83908417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045318)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045318/; classtype:trojan-activity;sid:83908418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045313)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045313/; classtype:trojan-activity;sid:83908413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045314)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045314/; classtype:trojan-activity;sid:83908414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045315)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045315/; classtype:trojan-activity;sid:83908415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045286)"; flow:established,from_client; content:"GET"; http_method; content:"/1/file.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hydewood.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045286/; classtype:trojan-activity;sid:83908386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045218)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tsrv1.ws"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045218/; classtype:trojan-activity;sid:83908318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045217)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tsrv1.ws"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045217/; classtype:trojan-activity;sid:83908317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045216)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tsrv1.ws"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045216/; classtype:trojan-activity;sid:83908316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045204)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045204/; classtype:trojan-activity;sid:83908304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045205)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045205/; classtype:trojan-activity;sid:83908305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045201)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045201/; classtype:trojan-activity;sid:83908301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045202)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045202/; classtype:trojan-activity;sid:83908302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045203)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045203/; classtype:trojan-activity;sid:83908303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045200)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045200/; classtype:trojan-activity;sid:83908300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045199)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045199/; classtype:trojan-activity;sid:83908299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045198)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045198/; classtype:trojan-activity;sid:83908298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045192)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045192/; classtype:trojan-activity;sid:83908292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045193)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045193/; classtype:trojan-activity;sid:83908293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045194)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045194/; classtype:trojan-activity;sid:83908294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045195)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045195/; classtype:trojan-activity;sid:83908295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045187)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045187/; classtype:trojan-activity;sid:83908287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045188)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045188/; classtype:trojan-activity;sid:83908288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045189)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045189/; classtype:trojan-activity;sid:83908289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045190)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045190/; classtype:trojan-activity;sid:83908290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045191)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045191/; classtype:trojan-activity;sid:83908291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045186)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045186/; classtype:trojan-activity;sid:83908286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045181)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045181/; classtype:trojan-activity;sid:83908281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045182)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045182/; classtype:trojan-activity;sid:83908282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045183)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045183/; classtype:trojan-activity;sid:83908283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045184)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045184/; classtype:trojan-activity;sid:83908284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045185)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045185/; classtype:trojan-activity;sid:83908285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045180)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045180/; classtype:trojan-activity;sid:83908280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045178)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045178/; classtype:trojan-activity;sid:83908278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045179)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045179/; classtype:trojan-activity;sid:83908279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045176)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045176/; classtype:trojan-activity;sid:83908276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045177)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045177/; classtype:trojan-activity;sid:83908277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045174)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045174/; classtype:trojan-activity;sid:83908274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045175)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045175/; classtype:trojan-activity;sid:83908275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045173)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045173/; classtype:trojan-activity;sid:83908273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045171)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aefiabeuodbauobfafoebbf.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045171/; classtype:trojan-activity;sid:83908271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045170)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"thaus.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045170/; classtype:trojan-activity;sid:83908270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045166)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045166/; classtype:trojan-activity;sid:83908266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045167)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fihsifuiiusuiuduf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045167/; classtype:trojan-activity;sid:83908267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045168)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045168/; classtype:trojan-activity;sid:83908268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045169)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045169/; classtype:trojan-activity;sid:83908269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045163)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045163/; classtype:trojan-activity;sid:83908263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045164)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045164/; classtype:trojan-activity;sid:83908264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045165)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045165/; classtype:trojan-activity;sid:83908265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045161)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045161/; classtype:trojan-activity;sid:83908261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045162)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045162/; classtype:trojan-activity;sid:83908262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045155)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045155/; classtype:trojan-activity;sid:83908255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045156)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aiiaiafrzrueuedur.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045156/; classtype:trojan-activity;sid:83908256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045157)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045157/; classtype:trojan-activity;sid:83908257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045158)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eguaheoghouughahsu.cc"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045158/; classtype:trojan-activity;sid:83908258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045159)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045159/; classtype:trojan-activity;sid:83908259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045160)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045160/; classtype:trojan-activity;sid:83908260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045148)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045148/; classtype:trojan-activity;sid:83908248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045145)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045145/; classtype:trojan-activity;sid:83908245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045146)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045146/; classtype:trojan-activity;sid:83908246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045144)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045144/; classtype:trojan-activity;sid:83908244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045129)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045129/; classtype:trojan-activity;sid:83908229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045130)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.66.231.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045130/; classtype:trojan-activity;sid:83908230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.251.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045124/; classtype:trojan-activity;sid:83908224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045067)"; flow:established,from_client; content:"GET"; http_method; content:"/woxyouvbg230.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"anchornorth.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045067/; classtype:trojan-activity;sid:83908167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.66.68.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045057/; classtype:trojan-activity;sid:83908157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.66.68.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045035/; classtype:trojan-activity;sid:83908135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044875)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044875/; classtype:trojan-activity;sid:83907975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044876)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044876/; classtype:trojan-activity;sid:83907976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044877)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044877/; classtype:trojan-activity;sid:83907977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044878)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.34.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044878/; classtype:trojan-activity;sid:83907978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044693)"; flow:established,from_client; content:"GET"; http_method; content:"/56c57ad9d521c6c4/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"85.28.47.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044693/; classtype:trojan-activity;sid:83907793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044694)"; flow:established,from_client; content:"GET"; http_method; content:"/56c57ad9d521c6c4/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044694/; classtype:trojan-activity;sid:83907794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044695)"; flow:established,from_client; content:"GET"; http_method; content:"/56c57ad9d521c6c4/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044695/; classtype:trojan-activity;sid:83907795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044696)"; flow:established,from_client; content:"GET"; http_method; content:"/56c57ad9d521c6c4/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044696/; classtype:trojan-activity;sid:83907796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044697)"; flow:established,from_client; content:"GET"; http_method; content:"/56c57ad9d521c6c4/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.28.47.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044697/; classtype:trojan-activity;sid:83907797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044698)"; flow:established,from_client; content:"GET"; http_method; content:"/56c57ad9d521c6c4/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.28.47.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044698/; classtype:trojan-activity;sid:83907798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044699)"; flow:established,from_client; content:"GET"; http_method; content:"/56c57ad9d521c6c4/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"85.28.47.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044699/; classtype:trojan-activity;sid:83907799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044662)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.156.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044662/; classtype:trojan-activity;sid:83907762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044498)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.80.18.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044498/; classtype:trojan-activity;sid:83907598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044494)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.80.18.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044494/; classtype:trojan-activity;sid:83907594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044495)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.80.18.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044495/; classtype:trojan-activity;sid:83907595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044484)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.80.18.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044484/; classtype:trojan-activity;sid:83907584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044485)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.80.18.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044485/; classtype:trojan-activity;sid:83907585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044486)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterr.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"50.114.185.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044486/; classtype:trojan-activity;sid:83907586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044487)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.80.18.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044487/; classtype:trojan-activity;sid:83907587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044488)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.80.18.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044488/; classtype:trojan-activity;sid:83907588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044490)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.80.18.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044490/; classtype:trojan-activity;sid:83907590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044493)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.80.18.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044493/; classtype:trojan-activity;sid:83907593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044436)"; flow:established,from_client; content:"GET"; http_method; content:"/dist/kkm_kz/kz_kkm_2.4.2.3.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"dist.eda1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044436/; classtype:trojan-activity;sid:83907536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044431)"; flow:established,from_client; content:"GET"; http_method; content:"/dist/kkm/kkm.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dist.eda1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044431/; classtype:trojan-activity;sid:83907531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044418)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.6.249"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044418/; classtype:trojan-activity;sid:83907518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3044131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.179.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3044131/; classtype:trojan-activity;sid:83907231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3043870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.240.211.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_14; reference:url, urlhaus.abuse.ch/url/3043870/; classtype:trojan-activity;sid:83906970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3043387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_14; reference:url, urlhaus.abuse.ch/url/3043387/; classtype:trojan-activity;sid:83906487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3043162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.46.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_14; reference:url, urlhaus.abuse.ch/url/3043162/; classtype:trojan-activity;sid:83906262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3043035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.197.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_14; reference:url, urlhaus.abuse.ch/url/3043035/; classtype:trojan-activity;sid:83906135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3042850)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_14; reference:url, urlhaus.abuse.ch/url/3042850/; classtype:trojan-activity;sid:83905950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3042851)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_14; reference:url, urlhaus.abuse.ch/url/3042851/; classtype:trojan-activity;sid:83905951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3042771)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_14; reference:url, urlhaus.abuse.ch/url/3042771/; classtype:trojan-activity;sid:83905871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3042650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.240.38.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_14; reference:url, urlhaus.abuse.ch/url/3042650/; classtype:trojan-activity;sid:83905750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3042589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.179.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_14; reference:url, urlhaus.abuse.ch/url/3042589/; classtype:trojan-activity;sid:83905689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3042324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.22.177.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/3042324/; classtype:trojan-activity;sid:83905424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3042321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.232.132.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/3042321/; classtype:trojan-activity;sid:83905421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3042305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.22.177.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/3042305/; classtype:trojan-activity;sid:83905405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3016772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.158.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/3016772/; classtype:trojan-activity;sid:83879872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2998226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.231.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2998226/; classtype:trojan-activity;sid:83861326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2993979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.158.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2993979/; classtype:trojan-activity;sid:83857079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2988449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.231.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2988449/; classtype:trojan-activity;sid:83851549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2988435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.240.38.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2988435/; classtype:trojan-activity;sid:83851535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"inspirepk.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968724/; classtype:trojan-activity;sid:83831824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.59.0.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968687/; classtype:trojan-activity;sid:83831787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968688)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968688/; classtype:trojan-activity;sid:83831788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.163.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968658/; classtype:trojan-activity;sid:83831758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.163.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968634/; classtype:trojan-activity;sid:83831734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953457)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/mfceum-4.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953457/; classtype:trojan-activity;sid:83816557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953458)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/mfceum-4.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953458/; classtype:trojan-activity;sid:83816558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953456)"; flow:established,from_client; content:"GET"; http_method; content:"/freeapps/mfceum-4.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953456/; classtype:trojan-activity;sid:83816556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953455)"; flow:established,from_client; content:"GET"; http_method; content:"/hexo-software/sazae-1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953455/; classtype:trojan-activity;sid:83816555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953450)"; flow:established,from_client; content:"GET"; http_method; content:"/freeapps/rrobknnz-freeapps.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953450/; classtype:trojan-activity;sid:83816550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953451)"; flow:established,from_client; content:"GET"; http_method; content:"/newz2k/rrobknnz-z2k.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953451/; classtype:trojan-activity;sid:83816551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953452)"; flow:established,from_client; content:"GET"; http_method; content:"/limetor/mfceum-4.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953452/; classtype:trojan-activity;sid:83816552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953453)"; flow:established,from_client; content:"GET"; http_method; content:"/torrent-spam/kbdxdxwj-1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953453/; classtype:trojan-activity;sid:83816553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953454)"; flow:established,from_client; content:"GET"; http_method; content:"/newz2k/mfceum-4.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953454/; classtype:trojan-activity;sid:83816554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953448)"; flow:established,from_client; content:"GET"; http_method; content:"/limetor/rrobknnz-limetorrents.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953448/; classtype:trojan-activity;sid:83816548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953449)"; flow:established,from_client; content:"GET"; http_method; content:"/hexo-software/hexo-software-1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953449/; classtype:trojan-activity;sid:83816549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953440)"; flow:established,from_client; content:"GET"; http_method; content:"/limetor/kgilth-lime-3.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953440/; classtype:trojan-activity;sid:83816540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953441)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/update.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953441/; classtype:trojan-activity;sid:83816541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953442)"; flow:established,from_client; content:"GET"; http_method; content:"/freeapps/dzodhr-free-2.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953442/; classtype:trojan-activity;sid:83816542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953443)"; flow:established,from_client; content:"GET"; http_method; content:"/freeapps/dzodhr-free-3.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953443/; classtype:trojan-activity;sid:83816543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953444)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/wjgqesf-old-2.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953444/; classtype:trojan-activity;sid:83816544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953445)"; flow:established,from_client; content:"GET"; http_method; content:"/limetor/kgilth-lime-2.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953445/; classtype:trojan-activity;sid:83816545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953446)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/rrobknnz-tpba.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953446/; classtype:trojan-activity;sid:83816546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953447)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/wjgqesf-old-3.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953447/; classtype:trojan-activity;sid:83816547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953439)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/rrobknnz-torrentold.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953439/; classtype:trojan-activity;sid:83816539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953437)"; flow:established,from_client; content:"GET"; http_method; content:"/hexo-software/sazae-2.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953437/; classtype:trojan-activity;sid:83816537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953438)"; flow:established,from_client; content:"GET"; http_method; content:"/torrent-spam/kbdxdxwj-2.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953438/; classtype:trojan-activity;sid:83816538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953435)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/tpb-activator-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953435/; classtype:trojan-activity;sid:83816535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953436)"; flow:established,from_client; content:"GET"; http_method; content:"/torrent-spam/torrent-spam-1.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953436/; classtype:trojan-activity;sid:83816536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953432)"; flow:established,from_client; content:"GET"; http_method; content:"/newz2k/ivnut-z2k-3.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953432/; classtype:trojan-activity;sid:83816532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953433)"; flow:established,from_client; content:"GET"; http_method; content:"/freeapps/free-apps-1.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953433/; classtype:trojan-activity;sid:83816533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953434)"; flow:established,from_client; content:"GET"; http_method; content:"/limetor/limetorrents-1.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953434/; classtype:trojan-activity;sid:83816534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953429)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/torrentold-1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953429/; classtype:trojan-activity;sid:83816529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953430)"; flow:established,from_client; content:"GET"; http_method; content:"/newz2k/ivnut-z2k-2.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953430/; classtype:trojan-activity;sid:83816530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953431)"; flow:established,from_client; content:"GET"; http_method; content:"/newz2k/z2k-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953431/; classtype:trojan-activity;sid:83816531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953361)"; flow:established,from_client; content:"GET"; http_method; content:"/z2knew/mfceum-4.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953361/; classtype:trojan-activity;sid:83816461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953360)"; flow:established,from_client; content:"GET"; http_method; content:"/z2knew/rrobknnz-z2k.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953360/; classtype:trojan-activity;sid:83816460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953356)"; flow:established,from_client; content:"GET"; http_method; content:"/z2knew/ivnut-z2k-3.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953356/; classtype:trojan-activity;sid:83816456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953357)"; flow:established,from_client; content:"GET"; http_method; content:"/z2knew/z2k-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953357/; classtype:trojan-activity;sid:83816457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953358)"; flow:established,from_client; content:"GET"; http_method; content:"/z2knew/ivnut-z2k-2.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953358/; classtype:trojan-activity;sid:83816458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953269)"; flow:established,from_client; content:"GET"; http_method; content:"/tpb-2-links/ntprfgupx-1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953269/; classtype:trojan-activity;sid:83816369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953270)"; flow:established,from_client; content:"GET"; http_method; content:"/tpb-2-links/ntprfgupx-2.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953270/; classtype:trojan-activity;sid:83816370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953265)"; flow:established,from_client; content:"GET"; http_method; content:"/tpb-2-links/tpb-1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953265/; classtype:trojan-activity;sid:83816365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953247)"; flow:established,from_client; content:"GET"; http_method; content:"/tg-source/tg-source-1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953247/; classtype:trojan-activity;sid:83816347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953246)"; flow:established,from_client; content:"GET"; http_method; content:"/tg-source/tg-source-2.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953246/; classtype:trojan-activity;sid:83816346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.63.155.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953229/; classtype:trojan-activity;sid:83816329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953227)"; flow:established,from_client; content:"GET"; http_method; content:"/tpb-g/tpb-grenn-1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953227/; classtype:trojan-activity;sid:83816327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953228)"; flow:established,from_client; content:"GET"; http_method; content:"/tpb-g/ndhqvdmn-1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953228/; classtype:trojan-activity;sid:83816328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953220)"; flow:established,from_client; content:"GET"; http_method; content:"/autotask/q-backup.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953220/; classtype:trojan-activity;sid:83816320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953221)"; flow:established,from_client; content:"GET"; http_method; content:"/autotask/moriwnrn.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953221/; classtype:trojan-activity;sid:83816321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953223)"; flow:established,from_client; content:"GET"; http_method; content:"/autotask/overlay2.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953223/; classtype:trojan-activity;sid:83816323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953224)"; flow:established,from_client; content:"GET"; http_method; content:"/update/rrobknnz-tpb.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953224/; classtype:trojan-activity;sid:83816324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953225)"; flow:established,from_client; content:"GET"; http_method; content:"/autotask/eppzjtedzmk.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953225/; classtype:trojan-activity;sid:83816325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953219)"; flow:established,from_client; content:"GET"; http_method; content:"/autotask/overlaycrypt.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953219/; classtype:trojan-activity;sid:83816319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953215)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953215/; classtype:trojan-activity;sid:83816315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953214)"; flow:established,from_client; content:"GET"; http_method; content:"/autotask/eflbu.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953214/; classtype:trojan-activity;sid:83816314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953208)"; flow:established,from_client; content:"GET"; http_method; content:"/tg-source/trkyzwvg-tg-r.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953208/; classtype:trojan-activity;sid:83816308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953209)"; flow:established,from_client; content:"GET"; http_method; content:"/tg-source/trkyzwvg-tg-a.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.9.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953209/; classtype:trojan-activity;sid:83816309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953183)"; flow:established,from_client; content:"GET"; http_method; content:"/random.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"serviweb-ag-dkb.itsaol.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953183/; classtype:trojan-activity;sid:83816283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953184)"; flow:established,from_client; content:"GET"; http_method; content:"/random.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"m-ag-dkb-login-id.itsaol.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953184/; classtype:trojan-activity;sid:83816284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953185)"; flow:established,from_client; content:"GET"; http_method; content:"/random.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"id-formulare-ag-login.myz.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953185/; classtype:trojan-activity;sid:83816285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953180)"; flow:established,from_client; content:"GET"; http_method; content:"/am/random.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"id-formulare-ag-login.myz.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953180/; classtype:trojan-activity;sid:83816280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953181)"; flow:established,from_client; content:"GET"; http_method; content:"/am/random.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"serviweb-ag-dkb.itsaol.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953181/; classtype:trojan-activity;sid:83816281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953182)"; flow:established,from_client; content:"GET"; http_method; content:"/am/random.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m-ag-dkb-login-id.itsaol.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953182/; classtype:trojan-activity;sid:83816282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953174)"; flow:established,from_client; content:"GET"; http_method; content:"/am/random.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.196.8.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953174/; classtype:trojan-activity;sid:83816274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.63.155.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953173/; classtype:trojan-activity;sid:83816273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.221.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953151/; classtype:trojan-activity;sid:83816251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953144)"; flow:established,from_client; content:"GET"; http_method; content:"/random.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.196.8.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953144/; classtype:trojan-activity;sid:83816244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.221.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953091/; classtype:trojan-activity;sid:83816191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.37.140.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2952926/; classtype:trojan-activity;sid:83816026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.220.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2952765/; classtype:trojan-activity;sid:83815865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.63.155.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2952724/; classtype:trojan-activity;sid:83815824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2952698/; classtype:trojan-activity;sid:83815798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.220.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952353/; classtype:trojan-activity;sid:83815453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952327)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xlvjhhrjt6siivltqjcfbcc61ijiddpb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952327/; classtype:trojan-activity;sid:83815427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952278)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rz.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952278/; classtype:trojan-activity;sid:83815378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952271)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952271/; classtype:trojan-activity;sid:83815371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952272)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/async.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952272/; classtype:trojan-activity;sid:83815372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952273)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952273/; classtype:trojan-activity;sid:83815373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952274)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rup.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952274/; classtype:trojan-activity;sid:83815374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952275)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952275/; classtype:trojan-activity;sid:83815375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952276)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952276/; classtype:trojan-activity;sid:83815376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952277)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952277/; classtype:trojan-activity;sid:83815377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952266)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952266/; classtype:trojan-activity;sid:83815366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952267)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952267/; classtype:trojan-activity;sid:83815367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952268)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952268/; classtype:trojan-activity;sid:83815368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952269)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny0.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952269/; classtype:trojan-activity;sid:83815369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952270)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rcup3.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952270/; classtype:trojan-activity;sid:83815370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952263)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952263/; classtype:trojan-activity;sid:83815363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952264)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952264/; classtype:trojan-activity;sid:83815364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952265)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952265/; classtype:trojan-activity;sid:83815365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952258)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/fesarog.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952258/; classtype:trojan-activity;sid:83815358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952259)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/p.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952259/; classtype:trojan-activity;sid:83815359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952260)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/n3.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952260/; classtype:trojan-activity;sid:83815360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952261)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/n3.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952261/; classtype:trojan-activity;sid:83815361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952262)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/p.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952262/; classtype:trojan-activity;sid:83815362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952252)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rcup3.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952252/; classtype:trojan-activity;sid:83815352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952253)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952253/; classtype:trojan-activity;sid:83815353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952254)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/n1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952254/; classtype:trojan-activity;sid:83815354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952255)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952255/; classtype:trojan-activity;sid:83815355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952256)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qxx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952256/; classtype:trojan-activity;sid:83815356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952257)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952257/; classtype:trojan-activity;sid:83815357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952243)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rcup.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952243/; classtype:trojan-activity;sid:83815343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952244)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952244/; classtype:trojan-activity;sid:83815344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952245)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/dx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952245/; classtype:trojan-activity;sid:83815345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952246)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952246/; classtype:trojan-activity;sid:83815346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952247)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/async.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952247/; classtype:trojan-activity;sid:83815347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952248)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/dcr.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952248/; classtype:trojan-activity;sid:83815348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952249)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952249/; classtype:trojan-activity;sid:83815349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952250)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/fesarog.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952250/; classtype:trojan-activity;sid:83815350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952251)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952251/; classtype:trojan-activity;sid:83815351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952238)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qxx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952238/; classtype:trojan-activity;sid:83815338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952239)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952239/; classtype:trojan-activity;sid:83815339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952240)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952240/; classtype:trojan-activity;sid:83815340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952241)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/q2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952241/; classtype:trojan-activity;sid:83815341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952242)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952242/; classtype:trojan-activity;sid:83815342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952234)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny0.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952234/; classtype:trojan-activity;sid:83815334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952235)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rcup.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952235/; classtype:trojan-activity;sid:83815335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952236)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/n1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952236/; classtype:trojan-activity;sid:83815336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952237)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/q2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952237/; classtype:trojan-activity;sid:83815337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952231)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952231/; classtype:trojan-activity;sid:83815331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952232)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952232/; classtype:trojan-activity;sid:83815332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952233)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952233/; classtype:trojan-activity;sid:83815333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952226)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/asx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952226/; classtype:trojan-activity;sid:83815326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952227)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/dx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952227/; classtype:trojan-activity;sid:83815327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952228)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rup.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952228/; classtype:trojan-activity;sid:83815328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952229)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952229/; classtype:trojan-activity;sid:83815329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952230)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rz.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952230/; classtype:trojan-activity;sid:83815330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952224)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q7.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952224/; classtype:trojan-activity;sid:83815324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952225)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/asx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952225/; classtype:trojan-activity;sid:83815325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952220)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/pef3dir.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952220/; classtype:trojan-activity;sid:83815320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952221)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952221/; classtype:trojan-activity;sid:83815321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952222)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952222/; classtype:trojan-activity;sid:83815322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952218)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q7.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952218/; classtype:trojan-activity;sid:83815318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952219)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952219/; classtype:trojan-activity;sid:83815319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952215)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952215/; classtype:trojan-activity;sid:83815315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952216)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952216/; classtype:trojan-activity;sid:83815316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952217)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952217/; classtype:trojan-activity;sid:83815317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952212)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952212/; classtype:trojan-activity;sid:83815312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952213)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952213/; classtype:trojan-activity;sid:83815313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952214)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/dcr.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952214/; classtype:trojan-activity;sid:83815314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952211)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952211/; classtype:trojan-activity;sid:83815311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952209)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/dllxf3.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952209/; classtype:trojan-activity;sid:83815309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952204)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952204/; classtype:trojan-activity;sid:83815304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952205)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952205/; classtype:trojan-activity;sid:83815305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952206)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952206/; classtype:trojan-activity;sid:83815306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952208)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952208/; classtype:trojan-activity;sid:83815308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.96.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951995/; classtype:trojan-activity;sid:83815095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.96.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951966/; classtype:trojan-activity;sid:83815066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951763)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951763/; classtype:trojan-activity;sid:83814863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951643)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951643/; classtype:trojan-activity;sid:83814743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951644)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951644/; classtype:trojan-activity;sid:83814744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951642)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951642/; classtype:trojan-activity;sid:83814742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951641)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951641/; classtype:trojan-activity;sid:83814741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951638)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951638/; classtype:trojan-activity;sid:83814738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951639)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951639/; classtype:trojan-activity;sid:83814739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951640)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951640/; classtype:trojan-activity;sid:83814740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951635)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951635/; classtype:trojan-activity;sid:83814735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951636)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951636/; classtype:trojan-activity;sid:83814736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951637)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951637/; classtype:trojan-activity;sid:83814737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951556/; classtype:trojan-activity;sid:83814656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951549/; classtype:trojan-activity;sid:83814649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951550/; classtype:trojan-activity;sid:83814650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951551/; classtype:trojan-activity;sid:83814651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951552/; classtype:trojan-activity;sid:83814652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951553/; classtype:trojan-activity;sid:83814653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951554/; classtype:trojan-activity;sid:83814654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951555/; classtype:trojan-activity;sid:83814655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951546/; classtype:trojan-activity;sid:83814646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.248.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951547/; classtype:trojan-activity;sid:83814647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.46.44.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951421/; classtype:trojan-activity;sid:83814521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.46.44.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951393/; classtype:trojan-activity;sid:83814493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951272)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951272/; classtype:trojan-activity;sid:83814372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951273)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951273/; classtype:trojan-activity;sid:83814373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951274)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951274/; classtype:trojan-activity;sid:83814374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951275)"; flow:established,from_client; content:"GET"; http_method; content:"/i6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951275/; classtype:trojan-activity;sid:83814375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951276)"; flow:established,from_client; content:"GET"; http_method; content:"/i5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951276/; classtype:trojan-activity;sid:83814376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951266)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951266/; classtype:trojan-activity;sid:83814366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951267)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951267/; classtype:trojan-activity;sid:83814367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951268)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951268/; classtype:trojan-activity;sid:83814368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951269)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951269/; classtype:trojan-activity;sid:83814369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951270)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951270/; classtype:trojan-activity;sid:83814370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951271)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951271/; classtype:trojan-activity;sid:83814371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.180.130.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951168/; classtype:trojan-activity;sid:83814268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.132.36.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2950761/; classtype:trojan-activity;sid:83813861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.132.36.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2950732/; classtype:trojan-activity;sid:83813832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950283)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950283/; classtype:trojan-activity;sid:83813383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950266)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950266/; classtype:trojan-activity;sid:83813366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.61.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950195/; classtype:trojan-activity;sid:83813295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950175)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dw-ezm7o_wfctzz8fcnjwpag5oikf-xt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950175/; classtype:trojan-activity;sid:83813275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950170)"; flow:established,from_client; content:"GET"; http_method; content:"/nokumtcne50.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tmars.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950170/; classtype:trojan-activity;sid:83813270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950169)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d-wca9siby574mvzkelwe3wwh0qsiuuk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950169/; classtype:trojan-activity;sid:83813269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950167)"; flow:established,from_client; content:"GET"; http_method; content:"/nokumtcne50.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tmars.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950167/; classtype:trojan-activity;sid:83813267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.132.36.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950107/; classtype:trojan-activity;sid:83813207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950105)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950105/; classtype:trojan-activity;sid:83813205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949917/; classtype:trojan-activity;sid:83813017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.234.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949455/; classtype:trojan-activity;sid:83812555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.234.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949413/; classtype:trojan-activity;sid:83812513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949406/; classtype:trojan-activity;sid:83812506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949363)"; flow:established,from_client; content:"GET"; http_method; content:"/scyxhqci195.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tmars.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949363/; classtype:trojan-activity;sid:83812463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949362)"; flow:established,from_client; content:"GET"; http_method; content:"/scyxhqci195.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tmars.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949362/; classtype:trojan-activity;sid:83812462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949267)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rodriakd-8413d.appspot.com/o/pe%2fp%20mio.txt|3f|alt=media|7c|26|7c|token=330330d6-cbd5-4a10-a95d-bb839b673423"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949267/; classtype:trojan-activity;sid:83812367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949265)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mpo2w6zanpe_-zbjgplcpea3hmowavkm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949265/; classtype:trojan-activity;sid:83812365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949235)"; flow:established,from_client; content:"GET"; http_method; content:"/mntlefdlfdoalck229.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949235/; classtype:trojan-activity;sid:83812335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949230)"; flow:established,from_client; content:"GET"; http_method; content:"/myxobacteriaceous.snp"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949230/; classtype:trojan-activity;sid:83812330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949231)"; flow:established,from_client; content:"GET"; http_method; content:"/hitachi186.xtp"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949231/; classtype:trojan-activity;sid:83812331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949232)"; flow:established,from_client; content:"GET"; http_method; content:"/tdukdbgr180.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949232/; classtype:trojan-activity;sid:83812332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949233)"; flow:established,from_client; content:"GET"; http_method; content:"/dirigo.pcx"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949233/; classtype:trojan-activity;sid:83812333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949229)"; flow:established,from_client; content:"GET"; http_method; content:"/dkjnufaxexw94.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949229/; classtype:trojan-activity;sid:83812329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949166)"; flow:established,from_client; content:"GET"; http_method; content:"/a.elf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.172.234.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949166/; classtype:trojan-activity;sid:83812266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949163)"; flow:established,from_client; content:"GET"; http_method; content:"/miryp/gasgqw/downloads/ddmc.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949163/; classtype:trojan-activity;sid:83812263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949158)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdfhdfgd/test/downloads/new_image2.jpg|3f|14461721"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949158/; classtype:trojan-activity;sid:83812258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.246.235.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949069/; classtype:trojan-activity;sid:83812169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.235.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949038/; classtype:trojan-activity;sid:83812138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2948861/; classtype:trojan-activity;sid:83811961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.180.130.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2948839/; classtype:trojan-activity;sid:83811939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.172.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948552/; classtype:trojan-activity;sid:83811652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.172.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948532/; classtype:trojan-activity;sid:83811632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.220.166.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948508/; classtype:trojan-activity;sid:83811608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948465)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jgvnke0-oihe5-iqu772j07jweadd8cq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948465/; classtype:trojan-activity;sid:83811565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948459)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xjytwrf1rsolsgkswyhu7kbggg9asbaz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948459/; classtype:trojan-activity;sid:83811559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948421)"; flow:established,from_client; content:"GET"; http_method; content:"/fcgeqk229.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"white.carsmartag.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948421/; classtype:trojan-activity;sid:83811521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948404)"; flow:established,from_client; content:"GET"; http_method; content:"/distribute/.2"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.194.32.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948404/; classtype:trojan-activity;sid:83811504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948294)"; flow:established,from_client; content:"GET"; http_method; content:"/ptkxprhuugwvwvbwncctg164.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"tmars.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948294/; classtype:trojan-activity;sid:83811394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948292)"; flow:established,from_client; content:"GET"; http_method; content:"/gaveafgifts.hhk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948292/; classtype:trojan-activity;sid:83811392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948291)"; flow:established,from_client; content:"GET"; http_method; content:"/kudumxclsgn143.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948291/; classtype:trojan-activity;sid:83811391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bades.co.tz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948289/; classtype:trojan-activity;sid:83811389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948222)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tdc0chqeg5vcszu_xhie9bfwlvdsowra"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948222/; classtype:trojan-activity;sid:83811322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2948122)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ijmhpwvvwh5vty_bunhlmm4vuqncbavl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2948122/; classtype:trojan-activity;sid:83811222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947817)"; flow:established,from_client; content:"GET"; http_method; content:"/svibelglasset.aca"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947817/; classtype:trojan-activity;sid:83810917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947818)"; flow:established,from_client; content:"GET"; http_method; content:"/jlnopkdrwldekwzrg240.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947818/; classtype:trojan-activity;sid:83810918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947811)"; flow:established,from_client; content:"GET"; http_method; content:"/down/1qwbf4bsej2u.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.153.49.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947811/; classtype:trojan-activity;sid:83810911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947794/; classtype:trojan-activity;sid:83810894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947795/; classtype:trojan-activity;sid:83810895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947740/; classtype:trojan-activity;sid:83810840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947474)"; flow:established,from_client; content:"GET"; http_method; content:"/tech/200.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fookonline.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947474/; classtype:trojan-activity;sid:83810574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.163.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947394/; classtype:trojan-activity;sid:83810494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946143)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=105fjezm0xcr8st4tqhremjggzkld2xw_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946143/; classtype:trojan-activity;sid:83809243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946139)"; flow:established,from_client; content:"GET"; http_method; content:"/rd/ayddhu193.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"evoluxcontabilidade.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946139/; classtype:trojan-activity;sid:83809239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946141)"; flow:established,from_client; content:"GET"; http_method; content:"/rd/greenland.xtp"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"evoluxcontabilidade.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946141/; classtype:trojan-activity;sid:83809241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946131/; classtype:trojan-activity;sid:83809231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946132/; classtype:trojan-activity;sid:83809232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946096/; classtype:trojan-activity;sid:83809196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945969)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1vi1xsx54rcwqzgzvb-2oav9l9siqpaip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945969/; classtype:trojan-activity;sid:83809069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945942)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.148.120.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945942/; classtype:trojan-activity;sid:83809042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945935)"; flow:established,from_client; content:"GET"; http_method; content:"/tech/200.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fookonline.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945935/; classtype:trojan-activity;sid:83809035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945936)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11qhsna1hbygbdtbstnrv9vibk7ntjhpi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945936/; classtype:trojan-activity;sid:83809036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1x2ottjaqouharvqcgs-lsggzqijws0hv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945932/; classtype:trojan-activity;sid:83809032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945933)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uqhwvmx2487zzfsem60otqi7j9mairnl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945933/; classtype:trojan-activity;sid:83809033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945925)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945925/; classtype:trojan-activity;sid:83809025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945866)"; flow:established,from_client; content:"GET"; http_method; content:"/stjernemrket.mso"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945866/; classtype:trojan-activity;sid:83808966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945867)"; flow:established,from_client; content:"GET"; http_method; content:"/iwzingo13.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945867/; classtype:trojan-activity;sid:83808967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945863)"; flow:established,from_client; content:"GET"; http_method; content:"/stjjifsrtr152.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945863/; classtype:trojan-activity;sid:83808963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945864)"; flow:established,from_client; content:"GET"; http_method; content:"/epimacus.afm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945864/; classtype:trojan-activity;sid:83808964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945865)"; flow:established,from_client; content:"GET"; http_method; content:"/blnvjsmdhxnul181.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945865/; classtype:trojan-activity;sid:83808965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945862)"; flow:established,from_client; content:"GET"; http_method; content:"/allylamine.cur"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945862/; classtype:trojan-activity;sid:83808962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945787)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d71as2f80cm_fx4vfjzlpdeppf58dly0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945787/; classtype:trojan-activity;sid:83808887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945742)"; flow:established,from_client; content:"GET"; http_method; content:"/yedek/bot.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tspanel.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945742/; classtype:trojan-activity;sid:83808842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945723)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.51.126.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945723/; classtype:trojan-activity;sid:83808823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945714)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.51.126.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945714/; classtype:trojan-activity;sid:83808814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945688)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945688/; classtype:trojan-activity;sid:83808788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945689)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945689/; classtype:trojan-activity;sid:83808789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945684)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945684/; classtype:trojan-activity;sid:83808784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945685)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945685/; classtype:trojan-activity;sid:83808785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945686)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945686/; classtype:trojan-activity;sid:83808786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945687)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945687/; classtype:trojan-activity;sid:83808787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945681)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945681/; classtype:trojan-activity;sid:83808781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945683)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945683/; classtype:trojan-activity;sid:83808783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945649)"; flow:established,from_client; content:"GET"; http_method; content:"/39f75e7c42187827/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.123.5.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945649/; classtype:trojan-activity;sid:83808749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945642)"; flow:established,from_client; content:"GET"; http_method; content:"/dark8711/dark/main/xw.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945642/; classtype:trojan-activity;sid:83808742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945640)"; flow:established,from_client; content:"GET"; http_method; content:"/sdfsfew/abbas-ksdmspaod/downloads/r28juniosost.txt"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945640/; classtype:trojan-activity;sid:83808740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945630)"; flow:established,from_client; content:"GET"; http_method; content:"/wh/wh.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.almrwad.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945630/; classtype:trojan-activity;sid:83808730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945613)"; flow:established,from_client; content:"GET"; http_method; content:"/wh/wh.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"almrwad.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945613/; classtype:trojan-activity;sid:83808713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945587)"; flow:established,from_client; content:"GET"; http_method; content:"/wh/wh.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"almrwad.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945587/; classtype:trojan-activity;sid:83808687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945588)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18hegse3o1_awwqlninxdgqmaqezmqqeu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945588/; classtype:trojan-activity;sid:83808688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945582)"; flow:established,from_client; content:"GET"; http_method; content:"/wh/wh.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.almrwad.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945582/; classtype:trojan-activity;sid:83808682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945577)"; flow:established,from_client; content:"GET"; http_method; content:"/prototroch.emz"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945577/; classtype:trojan-activity;sid:83808677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945580)"; flow:established,from_client; content:"GET"; http_method; content:"/39f75e7c42187827/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.123.5.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945580/; classtype:trojan-activity;sid:83808680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945581)"; flow:established,from_client; content:"GET"; http_method; content:"/39f75e7c42187827/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"176.123.5.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945581/; classtype:trojan-activity;sid:83808681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945570)"; flow:established,from_client; content:"GET"; http_method; content:"/wh/subordinerendes78.smi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"almrwad.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945570/; classtype:trojan-activity;sid:83808670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945571)"; flow:established,from_client; content:"GET"; http_method; content:"/gtovuxlna102.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945571/; classtype:trojan-activity;sid:83808671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945568)"; flow:established,from_client; content:"GET"; http_method; content:"/xfhpzefnhkob158.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"white.carsmartag.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945568/; classtype:trojan-activity;sid:83808668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945569)"; flow:established,from_client; content:"GET"; http_method; content:"/22/items/new_image_20240628_1859/new_image.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ia903207.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945569/; classtype:trojan-activity;sid:83808669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945565)"; flow:established,from_client; content:"GET"; http_method; content:"/gtovuxlna102.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"milanaces.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945565/; classtype:trojan-activity;sid:83808665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945563)"; flow:established,from_client; content:"GET"; http_method; content:"/39f75e7c42187827/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"176.123.5.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945563/; classtype:trojan-activity;sid:83808663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945541)"; flow:established,from_client; content:"GET"; http_method; content:"/kamelens.xtp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945541/; classtype:trojan-activity;sid:83808641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945542)"; flow:established,from_client; content:"GET"; http_method; content:"/wh/subordinerendes78.smi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.almrwad.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945542/; classtype:trojan-activity;sid:83808642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945547)"; flow:established,from_client; content:"GET"; http_method; content:"/39f75e7c42187827/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"176.123.5.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945547/; classtype:trojan-activity;sid:83808647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945548)"; flow:established,from_client; content:"GET"; http_method; content:"/wh/subordinerendes78.smi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"almrwad.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945548/; classtype:trojan-activity;sid:83808648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945549)"; flow:established,from_client; content:"GET"; http_method; content:"/dark831/top3/main/barbarossa.jpg"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945549/; classtype:trojan-activity;sid:83808649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945531)"; flow:established,from_client; content:"GET"; http_method; content:"/39f75e7c42187827/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.123.5.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945531/; classtype:trojan-activity;sid:83808631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945533)"; flow:established,from_client; content:"GET"; http_method; content:"/39f75e7c42187827/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.123.5.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945533/; classtype:trojan-activity;sid:83808633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945534)"; flow:established,from_client; content:"GET"; http_method; content:"/ktrl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.92.89.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945534/; classtype:trojan-activity;sid:83808634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.180.130.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945509/; classtype:trojan-activity;sid:83808609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"205.209.246.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944651/; classtype:trojan-activity;sid:83807751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944636)"; flow:established,from_client; content:"GET"; http_method; content:"/main.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.92.89.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944636/; classtype:trojan-activity;sid:83807736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944629)"; flow:established,from_client; content:"GET"; http_method; content:"/result.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"1.92.89.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944629/; classtype:trojan-activity;sid:83807729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944631)"; flow:established,from_client; content:"GET"; http_method; content:"/persona.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"1.92.89.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944631/; classtype:trojan-activity;sid:83807731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.209.246.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944599/; classtype:trojan-activity;sid:83807699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.28.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944494/; classtype:trojan-activity;sid:83807594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.28.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944467/; classtype:trojan-activity;sid:83807567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.71.61.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944339/; classtype:trojan-activity;sid:83807439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.237.38.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944309/; classtype:trojan-activity;sid:83807409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944279)"; flow:established,from_client; content:"GET"; http_method; content:"/psyzh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.111.174.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944279/; classtype:trojan-activity;sid:83807379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944119/; classtype:trojan-activity;sid:83807219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944095)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.208.158.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944095/; classtype:trojan-activity;sid:83807195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944017/; classtype:trojan-activity;sid:83807117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943961)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/(3"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"39.101.205.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943961/; classtype:trojan-activity;sid:83807061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943960)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/t.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"39.101.205.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943960/; classtype:trojan-activity;sid:83807060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943959)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"39.101.205.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943959/; classtype:trojan-activity;sid:83807059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943958)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/2"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"39.101.205.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943958/; classtype:trojan-activity;sid:83807058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943955)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/cc"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"43.143.246.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943955/; classtype:trojan-activity;sid:83807055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943952)"; flow:established,from_client; content:"GET"; http_method; content:"/qq.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"129.204.230.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943952/; classtype:trojan-activity;sid:83807052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943953)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/sss.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"39.103.150.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943953/; classtype:trojan-activity;sid:83807053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943946)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/cab.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"45.152.67.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943946/; classtype:trojan-activity;sid:83807046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.142.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943523/; classtype:trojan-activity;sid:83806623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.142.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943493/; classtype:trojan-activity;sid:83806593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2943263/; classtype:trojan-activity;sid:83806363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.33.72.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2943157/; classtype:trojan-activity;sid:83806257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2943111/; classtype:trojan-activity;sid:83806211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942730)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"117.50.184.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942730/; classtype:trojan-activity;sid:83805830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942728)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"101.42.4.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942728/; classtype:trojan-activity;sid:83805828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942721)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/shell"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"81.70.93.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942721/; classtype:trojan-activity;sid:83805821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942720)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"119.45.219.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942720/; classtype:trojan-activity;sid:83805820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942717)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942717/; classtype:trojan-activity;sid:83805817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942718)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942718/; classtype:trojan-activity;sid:83805818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942716)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"74.48.60.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942716/; classtype:trojan-activity;sid:83805816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942715)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942715/; classtype:trojan-activity;sid:83805815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942714)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942714/; classtype:trojan-activity;sid:83805814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942693)"; flow:established,from_client; content:"GET"; http_method; content:"/lolminer.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.47.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942693/; classtype:trojan-activity;sid:83805793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942682)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/[win"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"47.98.188.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942682/; classtype:trojan-activity;sid:83805782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942673)"; flow:established,from_client; content:"GET"; http_method; content:"//shell.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942673/; classtype:trojan-activity;sid:83805773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942671)"; flow:established,from_client; content:"GET"; http_method; content:"/gdb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942671/; classtype:trojan-activity;sid:83805771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942646)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/regedit.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"49.233.249.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942646/; classtype:trojan-activity;sid:83805746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942629)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//win.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"74.48.60.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942629/; classtype:trojan-activity;sid:83805729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942621)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/360"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"74.48.45.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942621/; classtype:trojan-activity;sid:83805721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942595)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/windows_update.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8.213.217.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942595/; classtype:trojan-activity;sid:83805695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942590)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/check.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"8.137.59.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942590/; classtype:trojan-activity;sid:83805690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942575)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/shell.elf"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"81.70.93.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942575/; classtype:trojan-activity;sid:83805675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942571)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"82.157.80.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942571/; classtype:trojan-activity;sid:83805671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942559)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.238.203.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942559/; classtype:trojan-activity;sid:83805659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942557)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942557/; classtype:trojan-activity;sid:83805657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.71.61.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942529/; classtype:trojan-activity;sid:83805629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.71.61.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942504/; classtype:trojan-activity;sid:83805604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942403)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942403/; classtype:trojan-activity;sid:83805503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942222)"; flow:established,from_client; content:"GET"; http_method; content:"/936209e0a9383450/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"139.99.67.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942222/; classtype:trojan-activity;sid:83805322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942220)"; flow:established,from_client; content:"GET"; http_method; content:"/936209e0a9383450/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"139.99.67.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942220/; classtype:trojan-activity;sid:83805320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942221)"; flow:established,from_client; content:"GET"; http_method; content:"/936209e0a9383450/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"139.99.67.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942221/; classtype:trojan-activity;sid:83805321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942217)"; flow:established,from_client; content:"GET"; http_method; content:"/936209e0a9383450/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"139.99.67.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942217/; classtype:trojan-activity;sid:83805317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942218)"; flow:established,from_client; content:"GET"; http_method; content:"/936209e0a9383450/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"139.99.67.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942218/; classtype:trojan-activity;sid:83805318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942219)"; flow:established,from_client; content:"GET"; http_method; content:"/936209e0a9383450/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"139.99.67.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942219/; classtype:trojan-activity;sid:83805319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942216)"; flow:established,from_client; content:"GET"; http_method; content:"/936209e0a9383450/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"139.99.67.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942216/; classtype:trojan-activity;sid:83805316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942161)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.45.47.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942161/; classtype:trojan-activity;sid:83805261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2941116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.240.211.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2941116/; classtype:trojan-activity;sid:83804216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2940502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.88.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2940502/; classtype:trojan-activity;sid:83803602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2940472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.88.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2940472/; classtype:trojan-activity;sid:83803572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2940455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.54.98.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2940455/; classtype:trojan-activity;sid:83803555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2940430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.236.238.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2940430/; classtype:trojan-activity;sid:83803530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2940274)"; flow:established,from_client; content:"GET"; http_method; content:"/down/ugclemrahjnb.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.153.49.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2940274/; classtype:trojan-activity;sid:83803374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2940163)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"caca.szcoolgame.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2940163/; classtype:trojan-activity;sid:83803263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2939984)"; flow:established,from_client; content:"GET"; http_method; content:"/mn/bow.lzh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"almrwad.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2939984/; classtype:trojan-activity;sid:83803084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2939953)"; flow:established,from_client; content:"GET"; http_method; content:"/mn/udliggers.hhk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"almrwad.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2939953/; classtype:trojan-activity;sid:83803053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2938514)"; flow:established,from_client; content:"GET"; http_method; content:"/mn/udliggers.hhk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"almrwad.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2938514/; classtype:trojan-activity;sid:83801614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2938396)"; flow:established,from_client; content:"GET"; http_method; content:"/mn/bow.lzh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.almrwad.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2938396/; classtype:trojan-activity;sid:83801496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2937799)"; flow:established,from_client; content:"GET"; http_method; content:"/mn/udliggers.hhk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.almrwad.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2937799/; classtype:trojan-activity;sid:83800899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2937796)"; flow:established,from_client; content:"GET"; http_method; content:"/mn/udliggers.hhk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.almrwad.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2937796/; classtype:trojan-activity;sid:83800896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2937708)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1js_0klwabntwltixvmlzwimesfgs3lwk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2937708/; classtype:trojan-activity;sid:83800808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2937485)"; flow:established,from_client; content:"GET"; http_method; content:"/hack"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"caca.szcoolgame.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2937485/; classtype:trojan-activity;sid:83800585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2936908)"; flow:established,from_client; content:"GET"; http_method; content:"/cc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"caca.szcoolgame.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2936908/; classtype:trojan-activity;sid:83800008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2936549)"; flow:established,from_client; content:"GET"; http_method; content:"/mn/bow.lzh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"almrwad.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2936549/; classtype:trojan-activity;sid:83799649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2936254)"; flow:established,from_client; content:"GET"; http_method; content:"/diamorphine-master.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"caca.szcoolgame.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2936254/; classtype:trojan-activity;sid:83799354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2936178)"; flow:established,from_client; content:"GET"; http_method; content:"/mn/bow.lzh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.almrwad.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2936178/; classtype:trojan-activity;sid:83799278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2935860)"; flow:established,from_client; content:"GET"; http_method; content:"/c.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.70.149.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2935860/; classtype:trojan-activity;sid:83798960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2935365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.240.211.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2935365/; classtype:trojan-activity;sid:83798465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2935358)"; flow:established,from_client; content:"GET"; http_method; content:"/igz.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2935358/; classtype:trojan-activity;sid:83798458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2935338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.240.211.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_06; reference:url, urlhaus.abuse.ch/url/2935338/; classtype:trojan-activity;sid:83798438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2935117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.236.238.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2935117/; classtype:trojan-activity;sid:83798217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934607)"; flow:established,from_client; content:"GET"; http_method; content:"/down/0gpthy6iszbt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.153.49.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934607/; classtype:trojan-activity;sid:83797707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934393)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.179.194.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934393/; classtype:trojan-activity;sid:83797493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934145)"; flow:established,from_client; content:"GET"; http_method; content:"/dbg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934145/; classtype:trojan-activity;sid:83797245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934134)"; flow:established,from_client; content:"GET"; http_method; content:"/dbg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dhcp-206-248-59-5.metro86.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934134/; classtype:trojan-activity;sid:83797234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.239.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933699/; classtype:trojan-activity;sid:83796799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.239.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933621/; classtype:trojan-activity;sid:83796721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933616)"; flow:established,from_client; content:"GET"; http_method; content:"/1.04.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.25.147.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933616/; classtype:trojan-activity;sid:83796716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933617)"; flow:established,from_client; content:"GET"; http_method; content:"/1.0.0.2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"27.25.147.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933617/; classtype:trojan-activity;sid:83796717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933615)"; flow:established,from_client; content:"GET"; http_method; content:"/1.03.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.25.147.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933615/; classtype:trojan-activity;sid:83796715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933613)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%87%e4%bb%b6%e7%89%b9%e5%be%81%e6%91%98%e8%a6%81%e5%88%97%e8%a1%a8%e7%94%9f%e6%88%90.exe"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"27.25.147.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933613/; classtype:trojan-activity;sid:83796713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933614)"; flow:established,from_client; content:"GET"; http_method; content:"/r2%e7%99%bb%e5%bd%95%e5%99%a8%e5%88%b6%e4%bd%9c%e5%b7%a5%e5%85%b7%ef%bc%88%e5%b8%a6%e6%9b%b4%e6%96%b0%ef%bc%8c%e5%8f%8d%e5%a4%96%e6%8c%82%ef%bc%8c%e7%ae%80%e7%ba%a6%e7%9a%ae%e8%82%a4%ef%bc%89.exe"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"27.25.147.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933614/; classtype:trojan-activity;sid:83796714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933611)"; flow:established,from_client; content:"GET"; http_method; content:"/vf.dll"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.25.147.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933611/; classtype:trojan-activity;sid:83796711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933536)"; flow:established,from_client; content:"GET"; http_method; content:"/offic%e8%a1%a8%e6%a0%bcluck.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ysdjsrf.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933536/; classtype:trojan-activity;sid:83796636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933490)"; flow:established,from_client; content:"GET"; http_method; content:"/scraich.aaf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933490/; classtype:trojan-activity;sid:83796590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933487)"; flow:established,from_client; content:"GET"; http_method; content:"/hshtcq138.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933487/; classtype:trojan-activity;sid:83796587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933488)"; flow:established,from_client; content:"GET"; http_method; content:"/uncloudedness121.psd"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933488/; classtype:trojan-activity;sid:83796588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933489)"; flow:established,from_client; content:"GET"; http_method; content:"/acidizes.mso"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933489/; classtype:trojan-activity;sid:83796589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933486)"; flow:established,from_client; content:"GET"; http_method; content:"/mtyozjdm72.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933486/; classtype:trojan-activity;sid:83796586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933406)"; flow:established,from_client; content:"GET"; http_method; content:"/base64.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.3.216.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933406/; classtype:trojan-activity;sid:83796506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933343)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mussangroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933343/; classtype:trojan-activity;sid:83796443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2933117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.163.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2933117/; classtype:trojan-activity;sid:83796217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932531)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrok.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.155.215.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932531/; classtype:trojan-activity;sid:83795631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932525)"; flow:established,from_client; content:"GET"; http_method; content:"/fotonview.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932525/; classtype:trojan-activity;sid:83795625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932526)"; flow:established,from_client; content:"GET"; http_method; content:"/!!%20delete%20!!/apk/fiskal.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932526/; classtype:trojan-activity;sid:83795626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932524)"; flow:established,from_client; content:"GET"; http_method; content:"/evaluation.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932524/; classtype:trojan-activity;sid:83795624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932523)"; flow:established,from_client; content:"GET"; http_method; content:"/cameracomponent.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932523/; classtype:trojan-activity;sid:83795623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932522)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwaitsetuphockey.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932522/; classtype:trojan-activity;sid:83795622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932521)"; flow:established,from_client; content:"GET"; http_method; content:"/officialsevaluationold.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932521/; classtype:trojan-activity;sid:83795621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932520)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932520/; classtype:trojan-activity;sid:83795620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932466)"; flow:established,from_client; content:"GET"; http_method; content:"/64.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932466/; classtype:trojan-activity;sid:83795566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932462)"; flow:established,from_client; content:"GET"; http_method; content:"/hooks.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932462/; classtype:trojan-activity;sid:83795562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932461)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932461/; classtype:trojan-activity;sid:83795561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; content:"GET"; http_method; content:"/445.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.101.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932338/; classtype:trojan-activity;sid:83795438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2931191)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2931191/; classtype:trojan-activity;sid:83794291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2929644)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2929644/; classtype:trojan-activity;sid:83792744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2928956)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2928956/; classtype:trojan-activity;sid:83792056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2927261)"; flow:established,from_client; content:"GET"; http_method; content:"/rgcyem139.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2927261/; classtype:trojan-activity;sid:83790361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2926341)"; flow:established,from_client; content:"GET"; http_method; content:"/pyemia.prx"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.237.86.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2926341/; classtype:trojan-activity;sid:83789441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2923982)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic4.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mussangroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2923982/; classtype:trojan-activity;sid:83787082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2923981)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic2.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mussangroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2923981/; classtype:trojan-activity;sid:83787081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2922516)"; flow:established,from_client; content:"GET"; http_method; content:"/obdaiofi.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"92.204.170.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2922516/; classtype:trojan-activity;sid:83785616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2922517)"; flow:established,from_client; content:"GET"; http_method; content:"/ktcweovz.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"92.204.170.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2922517/; classtype:trojan-activity;sid:83785617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2922320)"; flow:established,from_client; content:"GET"; http_method; content:"/lazagne.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2922320/; classtype:trojan-activity;sid:83785420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2922317)"; flow:established,from_client; content:"GET"; http_method; content:"/deathransom_1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.154.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2922317/; classtype:trojan-activity;sid:83785417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2922235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.163.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2922235/; classtype:trojan-activity;sid:83785335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2922233)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.201.148.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2922233/; classtype:trojan-activity;sid:83785333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921858)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2921858/; classtype:trojan-activity;sid:83784958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921372)"; flow:established,from_client; content:"GET"; http_method; content:"/htaxlsxfoldrs.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.3.64.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921372/; classtype:trojan-activity;sid:83784472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921243)"; flow:established,from_client; content:"GET"; http_method; content:"/okeydookietrational.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"192.3.64.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921243/; classtype:trojan-activity;sid:83784343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921232)"; flow:established,from_client; content:"GET"; http_method; content:"/madamwebbbbbbbas6444.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"198.46.178.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921232/; classtype:trojan-activity;sid:83784332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921215)"; flow:established,from_client; content:"GET"; http_method; content:"/adrtest.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.42.55.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921215/; classtype:trojan-activity;sid:83784315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921210)"; flow:established,from_client; content:"GET"; http_method; content:"/data/a.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"129.151.210.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921210/; classtype:trojan-activity;sid:83784310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921134)"; flow:established,from_client; content:"GET"; http_method; content:"/evengiecache.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.46.178.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921134/; classtype:trojan-activity;sid:83784234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.6.76.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921123/; classtype:trojan-activity;sid:83784223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2920845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.6.76.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2920845/; classtype:trojan-activity;sid:83783945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2920390)"; flow:established,from_client; content:"GET"; http_method; content:"/magnetiseringerne.sea"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2920390/; classtype:trojan-activity;sid:83783490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2920225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.189.103.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2920225/; classtype:trojan-activity;sid:83783325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2920090)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16c6v-drp1lkrsjwem7dh7eidsn61_1xl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2920090/; classtype:trojan-activity;sid:83783190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2920084)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1vsur0eqtbms6bvnqcsfo8rxzvp3vfqnd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2920084/; classtype:trojan-activity;sid:83783184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2920071)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yzeorlwdwke15en4v7t0ymp96mb-kluq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2920071/; classtype:trojan-activity;sid:83783171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2920070)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nswywj8clchrca8qfprulk146knvbj_z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2920070/; classtype:trojan-activity;sid:83783170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2920067)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1x7znle2rmcofu1ki717cjcnxfgpw2whl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2920067/; classtype:trojan-activity;sid:83783167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2920063)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ktbjyxwsalf73tp79ejtexdnkcogv_e4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2920063/; classtype:trojan-activity;sid:83783163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2919902)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.37.129.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2919902/; classtype:trojan-activity;sid:83783002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2919857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.193.144.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2919857/; classtype:trojan-activity;sid:83782957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2919829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.193.144.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2919829/; classtype:trojan-activity;sid:83782929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2919764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.11.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2919764/; classtype:trojan-activity;sid:83782864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2919566)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastcsw.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2919566/; classtype:trojan-activity;sid:83782666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2919564)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastsf.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2919564/; classtype:trojan-activity;sid:83782664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2919070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.215.202.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2919070/; classtype:trojan-activity;sid:83782170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918827)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918827/; classtype:trojan-activity;sid:83781927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.230.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918710/; classtype:trojan-activity;sid:83781810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918527)"; flow:established,from_client; content:"GET"; http_method; content:"/386"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918527/; classtype:trojan-activity;sid:83781627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918526)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918526/; classtype:trojan-activity;sid:83781626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918499)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918499/; classtype:trojan-activity;sid:83781599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918498)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918498/; classtype:trojan-activity;sid:83781598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918490)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918490/; classtype:trojan-activity;sid:83781590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918491)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918491/; classtype:trojan-activity;sid:83781591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918492)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918492/; classtype:trojan-activity;sid:83781592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918493)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918493/; classtype:trojan-activity;sid:83781593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918494)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64el"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918494/; classtype:trojan-activity;sid:83781594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918497)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918497/; classtype:trojan-activity;sid:83781597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918481)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918481/; classtype:trojan-activity;sid:83781581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918473)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918473/; classtype:trojan-activity;sid:83781573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918467)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918467/; classtype:trojan-activity;sid:83781567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918465)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918465/; classtype:trojan-activity;sid:83781565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918466)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918466/; classtype:trojan-activity;sid:83781566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918460)"; flow:established,from_client; content:"GET"; http_method; content:"/execute_and_cleanup.sh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"108.174.58.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918460/; classtype:trojan-activity;sid:83781560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918456)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918456/; classtype:trojan-activity;sid:83781556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918457)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918457/; classtype:trojan-activity;sid:83781557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918452)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918452/; classtype:trojan-activity;sid:83781552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918453)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918453/; classtype:trojan-activity;sid:83781553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918454)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918454/; classtype:trojan-activity;sid:83781554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918455)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.9.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918455/; classtype:trojan-activity;sid:83781555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918205)"; flow:established,from_client; content:"GET"; http_method; content:"/cdnusa/invoiceupsstage"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nebulaquestcorporation.cc"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918205/; classtype:trojan-activity;sid:83781305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918207)"; flow:established,from_client; content:"GET"; http_method; content:"/update/invoice_past"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"scratchedcards.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918207/; classtype:trojan-activity;sid:83781307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2918208)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/scrscrscr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scratchedcards.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2918208/; classtype:trojan-activity;sid:83781308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917756)"; flow:established,from_client; content:"GET"; http_method; content:"/qjqdh201.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917756/; classtype:trojan-activity;sid:83780856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917755)"; flow:established,from_client; content:"GET"; http_method; content:"/sfryerieexomutejeaq228.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917755/; classtype:trojan-activity;sid:83780855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917751)"; flow:established,from_client; content:"GET"; http_method; content:"/aarsberetnings.jpb"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917751/; classtype:trojan-activity;sid:83780851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917752)"; flow:established,from_client; content:"GET"; http_method; content:"/nyet.qxd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917752/; classtype:trojan-activity;sid:83780852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917753)"; flow:established,from_client; content:"GET"; http_method; content:"/micromeritic.emz"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917753/; classtype:trojan-activity;sid:83780853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917754)"; flow:established,from_client; content:"GET"; http_method; content:"/outgassed.emz"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917754/; classtype:trojan-activity;sid:83780854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917679)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/xhthjkifvacjtpy7t1tkw/cheatrun_ue.zip|3f|rlkey=43mau4b0oc0kdil7umfheckw0|7c|26|7c|st=7ze80qza|7c|26|7c|dl=0"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917679/; classtype:trojan-activity;sid:83780779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917510)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.23.169.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917510/; classtype:trojan-activity;sid:83780610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916766)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdfhdfgd/test/downloads/ingdmbd.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916766/; classtype:trojan-activity;sid:83779866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916763)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdfhdfgd/test/downloads/new_image2.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916763/; classtype:trojan-activity;sid:83779863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916749)"; flow:established,from_client; content:"GET"; http_method; content:"/nedslagnings.dwp"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"contemega.com.do"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916749/; classtype:trojan-activity;sid:83779849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916740)"; flow:established,from_client; content:"GET"; http_method; content:"/zpwwf47.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"contemega.com.do"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916740/; classtype:trojan-activity;sid:83779840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916737)"; flow:established,from_client; content:"GET"; http_method; content:"/sdfsfew/remcos/downloads/28.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916737/; classtype:trojan-activity;sid:83779837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916734)"; flow:established,from_client; content:"GET"; http_method; content:"/sdfsfew/remcos/downloads/27.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916734/; classtype:trojan-activity;sid:83779834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916735)"; flow:established,from_client; content:"GET"; http_method; content:"/sdfsfew/remcos/downloads/26.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916735/; classtype:trojan-activity;sid:83779835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916736)"; flow:established,from_client; content:"GET"; http_method; content:"/sdfsfew/remcos/downloads/25.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916736/; classtype:trojan-activity;sid:83779836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916727)"; flow:established,from_client; content:"GET"; http_method; content:"/new/new/mvbkq170.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"contemega.com.do"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916727/; classtype:trojan-activity;sid:83779827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916726)"; flow:established,from_client; content:"GET"; http_method; content:"/new/new/pustene.lpk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"contemega.com.do"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916726/; classtype:trojan-activity;sid:83779826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916588)"; flow:established,from_client; content:"GET"; http_method; content:"/arm|3f|ddos"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.148.120.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916588/; classtype:trojan-activity;sid:83779688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916585)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel|3f|ddos"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.148.120.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916585/; classtype:trojan-activity;sid:83779685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916581)"; flow:established,from_client; content:"GET"; http_method; content:"/mips|3f|ddos"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.148.120.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916581/; classtype:trojan-activity;sid:83779681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916341)"; flow:established,from_client; content:"GET"; http_method; content:"/can/cantruck"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"scratchedcards.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916341/; classtype:trojan-activity;sid:83779441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916319)"; flow:established,from_client; content:"GET"; http_method; content:"/can/ihbhxxqf.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scratchedcards.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916319/; classtype:trojan-activity;sid:83779419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.38.18.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916249/; classtype:trojan-activity;sid:83779349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916190)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.powerpc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916190/; classtype:trojan-activity;sid:83779290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916187)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916187/; classtype:trojan-activity;sid:83779287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916188)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916188/; classtype:trojan-activity;sid:83779288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916189)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916189/; classtype:trojan-activity;sid:83779289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916180)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916180/; classtype:trojan-activity;sid:83779280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916181)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916181/; classtype:trojan-activity;sid:83779281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916182)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916182/; classtype:trojan-activity;sid:83779282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916183)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916183/; classtype:trojan-activity;sid:83779283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916184)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916184/; classtype:trojan-activity;sid:83779284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916185)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916185/; classtype:trojan-activity;sid:83779285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916127)"; flow:established,from_client; content:"GET"; http_method; content:"/july/tethjwjvc141.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"evoluxcontabilidade.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916127/; classtype:trojan-activity;sid:83779227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916128)"; flow:established,from_client; content:"GET"; http_method; content:"/july/tekstlsnings118.java"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"evoluxcontabilidade.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916128/; classtype:trojan-activity;sid:83779228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916125)"; flow:established,from_client; content:"GET"; http_method; content:"/new/new/reificering.fla"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"contemega.com.do"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916125/; classtype:trojan-activity;sid:83779225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916122)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18s4yootwkyvfb1r2yuaisjgn1btht30d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916122/; classtype:trojan-activity;sid:83779222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916107)"; flow:established,from_client; content:"GET"; http_method; content:"/upjmjxcuf244.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916107/; classtype:trojan-activity;sid:83779207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916108)"; flow:established,from_client; content:"GET"; http_method; content:"/wrongdoings193.pcx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916108/; classtype:trojan-activity;sid:83779208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916093)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916093/; classtype:trojan-activity;sid:83779193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916089)"; flow:established,from_client; content:"GET"; http_method; content:"/controlfirebase65.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"managermagnetcccccmango.duckdns.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916089/; classtype:trojan-activity;sid:83779189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916088)"; flow:established,from_client; content:"GET"; http_method; content:"/baze644444444444444444444444.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"managermagnetcccccmango.duckdns.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916088/; classtype:trojan-activity;sid:83779188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915763)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"37.156.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2915763/; classtype:trojan-activity;sid:83778863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915764)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.156.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2915764/; classtype:trojan-activity;sid:83778864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915688)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.156.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2915688/; classtype:trojan-activity;sid:83778788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915685)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.156.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2915685/; classtype:trojan-activity;sid:83778785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915686)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.156.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2915686/; classtype:trojan-activity;sid:83778786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915687)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.156.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2915687/; classtype:trojan-activity;sid:83778787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915673)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.156.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2915673/; classtype:trojan-activity;sid:83778773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915674)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.156.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2915674/; classtype:trojan-activity;sid:83778774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.201.156.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2915134/; classtype:trojan-activity;sid:83778234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.201.156.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2915098/; classtype:trojan-activity;sid:83778198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2915017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.193.144.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2915017/; classtype:trojan-activity;sid:83778117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914932/; classtype:trojan-activity;sid:83778032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.248.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914682/; classtype:trojan-activity;sid:83777782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.101.248.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914668/; classtype:trojan-activity;sid:83777768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914056)"; flow:established,from_client; content:"GET"; http_method; content:"/wmi.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914056/; classtype:trojan-activity;sid:83777156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914041/; classtype:trojan-activity;sid:83777141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912838)"; flow:established,from_client; content:"GET"; http_method; content:"/asec.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912838/; classtype:trojan-activity;sid:83775938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912668)"; flow:established,from_client; content:"GET"; http_method; content:"/finansloves203.mix"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912668/; classtype:trojan-activity;sid:83775768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912453)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastcsw.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912453/; classtype:trojan-activity;sid:83775553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912454)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastsf.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912454/; classtype:trojan-activity;sid:83775554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911702)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avast-antivirusdownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911702/; classtype:trojan-activity;sid:83774802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911701)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avast-antivirus.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911701/; classtype:trojan-activity;sid:83774801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911611)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.63.112.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911611/; classtype:trojan-activity;sid:83774711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911609)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.138.90.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911609/; classtype:trojan-activity;sid:83774709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911365)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911365/; classtype:trojan-activity;sid:83774465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911362)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911362/; classtype:trojan-activity;sid:83774462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911363)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911363/; classtype:trojan-activity;sid:83774463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911356)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911356/; classtype:trojan-activity;sid:83774456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911357)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911357/; classtype:trojan-activity;sid:83774457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911358)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911358/; classtype:trojan-activity;sid:83774458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911353)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911353/; classtype:trojan-activity;sid:83774453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911354)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911354/; classtype:trojan-activity;sid:83774454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911355)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911355/; classtype:trojan-activity;sid:83774455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911350)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911350/; classtype:trojan-activity;sid:83774450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911351)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.botnet123.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911351/; classtype:trojan-activity;sid:83774451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911245)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"data.discuz.mobi"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911245/; classtype:trojan-activity;sid:83774345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911225)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.231.82.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911225/; classtype:trojan-activity;sid:83774325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.3.78.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911216)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.51.16.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911216/; classtype:trojan-activity;sid:83774316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911211)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.250.120.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911211/; classtype:trojan-activity;sid:83774311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911208)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.60.25.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911208/; classtype:trojan-activity;sid:83774308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911205)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.160.129.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911205/; classtype:trojan-activity;sid:83774305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911204)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5-157-110-232.dyn.eolo.it"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911204/; classtype:trojan-activity;sid:83774304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911202)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.97.52"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911202/; classtype:trojan-activity;sid:83774302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911203)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.250.53.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911203/; classtype:trojan-activity;sid:83774303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911200)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.45.165.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911200/; classtype:trojan-activity;sid:83774300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911199)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.148.5.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911199/; classtype:trojan-activity;sid:83774299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911198)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"34.red-88-28-217.staticip.rima-tde.net"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911198/; classtype:trojan-activity;sid:83774298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911182)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.143.54.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911182/; classtype:trojan-activity;sid:83774282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911179)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.29.46.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911179/; classtype:trojan-activity;sid:83774279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911175)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.140.77.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911175/; classtype:trojan-activity;sid:83774275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911170)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.142.27.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911170/; classtype:trojan-activity;sid:83774270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911167)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.115.102.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911167/; classtype:trojan-activity;sid:83774267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911163)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.151.249.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911163/; classtype:trojan-activity;sid:83774263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911165)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.9.26.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911165/; classtype:trojan-activity;sid:83774265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911157)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.157.110.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911157/; classtype:trojan-activity;sid:83774257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911159)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.190.171.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911159/; classtype:trojan-activity;sid:83774259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911150)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.215.253.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911150/; classtype:trojan-activity;sid:83774250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911149)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.46.23.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911149/; classtype:trojan-activity;sid:83774249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911148)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.214.192.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911148/; classtype:trojan-activity;sid:83774248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911145)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.50.52.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911145/; classtype:trojan-activity;sid:83774245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911141)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.147.147.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911141/; classtype:trojan-activity;sid:83774241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911140)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.31.159.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911140/; classtype:trojan-activity;sid:83774240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911138)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.117.27.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911138/; classtype:trojan-activity;sid:83774238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911137)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.229.251.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911137/; classtype:trojan-activity;sid:83774237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911134)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.103.73.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911134/; classtype:trojan-activity;sid:83774234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911131)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.253.12.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911131/; classtype:trojan-activity;sid:83774231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911129/; classtype:trojan-activity;sid:83774229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.186.91.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911122/; classtype:trojan-activity;sid:83774222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911123)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.213.59.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911123/; classtype:trojan-activity;sid:83774223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911116)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.225.132.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911116/; classtype:trojan-activity;sid:83774216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911114)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syn-047-229-251-027.res.spectrum.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911114/; classtype:trojan-activity;sid:83774214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911112)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pic.shouhucj.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911112/; classtype:trojan-activity;sid:83774212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911109)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"epei77.direct.quickconnect.to"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911109/; classtype:trojan-activity;sid:83774209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911106)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"qgf338jtt8tty7rx.myfritz.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911106/; classtype:trojan-activity;sid:83774206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911104)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"static-91-225-132-57.devs.futuro.pl"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911104/; classtype:trojan-activity;sid:83774204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911011)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"100.16.168.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911011/; classtype:trojan-activity;sid:83774111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910835)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910835/; classtype:trojan-activity;sid:83773935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910836)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910836/; classtype:trojan-activity;sid:83773936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910830)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910830/; classtype:trojan-activity;sid:83773930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910831)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910831/; classtype:trojan-activity;sid:83773931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910832)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910832/; classtype:trojan-activity;sid:83773932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910826)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910826/; classtype:trojan-activity;sid:83773926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910827)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910827/; classtype:trojan-activity;sid:83773927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910829)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910829/; classtype:trojan-activity;sid:83773929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910819/; classtype:trojan-activity;sid:83773919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910820)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910820/; classtype:trojan-activity;sid:83773920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910821)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910821/; classtype:trojan-activity;sid:83773921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910822)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910822/; classtype:trojan-activity;sid:83773922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910823)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910823/; classtype:trojan-activity;sid:83773923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910824)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910824/; classtype:trojan-activity;sid:83773924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910825)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"216.172.177.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910825/; classtype:trojan-activity;sid:83773925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.215.202.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910773/; classtype:trojan-activity;sid:83773873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.215.202.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910772/; classtype:trojan-activity;sid:83773872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910756/; classtype:trojan-activity;sid:83773856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910687)"; flow:established,from_client; content:"GET"; http_method; content:"/config/qnvqkfym.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"b46.oss-cn-hongkong.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910687/; classtype:trojan-activity;sid:83773787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910664)"; flow:established,from_client; content:"GET"; http_method; content:"/xload/ycdidobbvbej173.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"evoluxcontabilidade.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910664/; classtype:trojan-activity;sid:83773764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910665)"; flow:established,from_client; content:"GET"; http_method; content:"/xload/rumner.xtp"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"evoluxcontabilidade.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910665/; classtype:trojan-activity;sid:83773765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910662)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/vpaabdggwk37.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"evoluxcontabilidade.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910662/; classtype:trojan-activity;sid:83773762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910663)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/taarepersedes.sea"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"evoluxcontabilidade.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910663/; classtype:trojan-activity;sid:83773763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910635)"; flow:established,from_client; content:"GET"; http_method; content:"/controlfirebase65.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"198.46.178.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910635/; classtype:trojan-activity;sid:83773735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910450)"; flow:established,from_client; content:"GET"; http_method; content:"/baze644444444444444444444444.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"198.46.178.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910450/; classtype:trojan-activity;sid:83773550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910447)"; flow:established,from_client; content:"GET"; http_method; content:"/se.e.e.e.eee.doc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"managermagnetcccccmango.duckdns.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910447/; classtype:trojan-activity;sid:83773547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910407)"; flow:established,from_client; content:"GET"; http_method; content:"/wow/apep_7.3.5.26365.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5.249.20.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910407/; classtype:trojan-activity;sid:83773507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910379)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/theyleadershippro.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910379/; classtype:trojan-activity;sid:83773479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910374)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/fwivw.mp3"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910374/; classtype:trojan-activity;sid:83773474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910375)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/nruustyqoi.pdf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910375/; classtype:trojan-activity;sid:83773475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910376)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/oujxajpkc.mp3"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910376/; classtype:trojan-activity;sid:83773476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910377)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/uoqhwzhx.wav"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910377/; classtype:trojan-activity;sid:83773477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910378)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/forest.jpeg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910378/; classtype:trojan-activity;sid:83773478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910371)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/qdgfx.wav"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910371/; classtype:trojan-activity;sid:83773471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910372)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/vycpmxn.wav"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910372/; classtype:trojan-activity;sid:83773472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910373)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/vpziqnq.dat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910373/; classtype:trojan-activity;sid:83773473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910369)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/nfrecpxqyd.dat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910369/; classtype:trojan-activity;sid:83773469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910370)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/yismdlcl.mp4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910370/; classtype:trojan-activity;sid:83773470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910368)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/czyituqtdv.vdf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910368/; classtype:trojan-activity;sid:83773468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910367)"; flow:established,from_client; content:"GET"; http_method; content:"/forest/rgdzpmpouv.mp3"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"159.253.120.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910367/; classtype:trojan-activity;sid:83773467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910224)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"shell.dimitrimedia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910224/; classtype:trojan-activity;sid:83773324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910223)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172-105-66-118.ip.linodeusercontent.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910223/; classtype:trojan-activity;sid:83773323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.230.28.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910143/; classtype:trojan-activity;sid:83773243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.58.214.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910138/; classtype:trojan-activity;sid:83773238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909696)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.47.247.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2909696/; classtype:trojan-activity;sid:83772796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909370)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.149.71.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909370/; classtype:trojan-activity;sid:83772470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909335)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pjt23vhtwzyzypmtn3-laqctzzr5vb5d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909335/; classtype:trojan-activity;sid:83772435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.118.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909294)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.50.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909294/; classtype:trojan-activity;sid:83772394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909170)"; flow:established,from_client; content:"GET"; http_method; content:"/46d5c5db-3dcf-40b7-9747-10abbec96aee/fabtronics%20rfq%20for%20parts%20ti%20pn%20urgent%e2%80%aef%cd%8fd%cd%8fp%cd%8f..7z|3f|v=1719473909542"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909170/; classtype:trojan-activity;sid:83772270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909085)"; flow:established,from_client; content:"GET"; http_method; content:"/cuxfc17.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.167.61.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909085/; classtype:trojan-activity;sid:83772185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908944)"; flow:established,from_client; content:"GET"; http_method; content:"/sw.w.w.w.www.doc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.46.178.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908944/; classtype:trojan-activity;sid:83772044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908919)"; flow:established,from_client; content:"GET"; http_method; content:"/dqibgxck76.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908919/; classtype:trojan-activity;sid:83772019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908918)"; flow:established,from_client; content:"GET"; http_method; content:"/minimumtrykket.deploy"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908918/; classtype:trojan-activity;sid:83772018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908910)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908910/; classtype:trojan-activity;sid:83772010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908909)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"12.196.184.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908909/; classtype:trojan-activity;sid:83772009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908895)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.50.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908895/; classtype:trojan-activity;sid:83771995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908902)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.39.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908905)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.105.81.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908905/; classtype:trojan-activity;sid:83772005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908906)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.40.16.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908906/; classtype:trojan-activity;sid:83772006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908907)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"122.3.195.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908907/; classtype:trojan-activity;sid:83772007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908891)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.123.251.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908891/; classtype:trojan-activity;sid:83771991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908892)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.134.214.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908892/; classtype:trojan-activity;sid:83771992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908893)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.44.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908893/; classtype:trojan-activity;sid:83771993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908894)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908894/; classtype:trojan-activity;sid:83771994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908888)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908888/; classtype:trojan-activity;sid:83771988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908887)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908887/; classtype:trojan-activity;sid:83771987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908042)"; flow:established,from_client; content:"GET"; http_method; content:"/abatua.dsp"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908042/; classtype:trojan-activity;sid:83771142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908041)"; flow:established,from_client; content:"GET"; http_method; content:"/stttepillens34.pcx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908041/; classtype:trojan-activity;sid:83771141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908040)"; flow:established,from_client; content:"GET"; http_method; content:"/adnation.qxd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908040/; classtype:trojan-activity;sid:83771140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908038)"; flow:established,from_client; content:"GET"; http_method; content:"/hqexdvyd37.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908038/; classtype:trojan-activity;sid:83771138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908039)"; flow:established,from_client; content:"GET"; http_method; content:"/castellated18.aca"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908039/; classtype:trojan-activity;sid:83771139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.101.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908029/; classtype:trojan-activity;sid:83771129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908012)"; flow:established,from_client; content:"GET"; http_method; content:"/8/items/new_image_20240619_1432/new_image.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ia800400.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908012/; classtype:trojan-activity;sid:83771112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908011)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wh77u66ujxr-ihxqfarkrqgrv-ngaoxe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908011/; classtype:trojan-activity;sid:83771111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2907952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2907952/; classtype:trojan-activity;sid:83771052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2907615)"; flow:established,from_client; content:"GET"; http_method; content:"/17/items/new_image_20240625_2128/new_image.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ia803402.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2907615/; classtype:trojan-activity;sid:83770715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2907054)"; flow:established,from_client; content:"GET"; http_method; content:"/at"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"s088.silver.fastwebserver.de"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2907054/; classtype:trojan-activity;sid:83770154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.39.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906790/; classtype:trojan-activity;sid:83769890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906682)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906682/; classtype:trojan-activity;sid:83769782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906683)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906683/; classtype:trojan-activity;sid:83769783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906680)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906680/; classtype:trojan-activity;sid:83769780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906681)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906681/; classtype:trojan-activity;sid:83769781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906679)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906679/; classtype:trojan-activity;sid:83769779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906678)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906678/; classtype:trojan-activity;sid:83769778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906677/; classtype:trojan-activity;sid:83769777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906655)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906655/; classtype:trojan-activity;sid:83769755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906656)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906656/; classtype:trojan-activity;sid:83769756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906657)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906657/; classtype:trojan-activity;sid:83769757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906659)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.174.101.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906659/; classtype:trojan-activity;sid:83769759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906653)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906653/; classtype:trojan-activity;sid:83769753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906641)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906641/; classtype:trojan-activity;sid:83769741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906642)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906642/; classtype:trojan-activity;sid:83769742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906632)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906632/; classtype:trojan-activity;sid:83769732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906634)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906634/; classtype:trojan-activity;sid:83769734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906617)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906617/; classtype:trojan-activity;sid:83769717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906608)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906608/; classtype:trojan-activity;sid:83769708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906605)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906605/; classtype:trojan-activity;sid:83769705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906606)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906606/; classtype:trojan-activity;sid:83769706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906596)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906596/; classtype:trojan-activity;sid:83769696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906597)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906597/; classtype:trojan-activity;sid:83769697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906598)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906598/; classtype:trojan-activity;sid:83769698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906582)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906582/; classtype:trojan-activity;sid:83769682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906584)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906584/; classtype:trojan-activity;sid:83769684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906585)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906585/; classtype:trojan-activity;sid:83769685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906573)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906573/; classtype:trojan-activity;sid:83769673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906576)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906576/; classtype:trojan-activity;sid:83769676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906579)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906579/; classtype:trojan-activity;sid:83769679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906581/; classtype:trojan-activity;sid:83769681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906569)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906569/; classtype:trojan-activity;sid:83769669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906570)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906570/; classtype:trojan-activity;sid:83769670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906571)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906571/; classtype:trojan-activity;sid:83769671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906553)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906553/; classtype:trojan-activity;sid:83769653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906555)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906555/; classtype:trojan-activity;sid:83769655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906556)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906556/; classtype:trojan-activity;sid:83769656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906557)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906557/; classtype:trojan-activity;sid:83769657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906545)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906545/; classtype:trojan-activity;sid:83769645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906548)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906548/; classtype:trojan-activity;sid:83769648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906537)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906537/; classtype:trojan-activity;sid:83769637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906543)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906543/; classtype:trojan-activity;sid:83769643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906523)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906523/; classtype:trojan-activity;sid:83769623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906524)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906524/; classtype:trojan-activity;sid:83769624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906526)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906526/; classtype:trojan-activity;sid:83769626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906530)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906530/; classtype:trojan-activity;sid:83769630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906512)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906512/; classtype:trojan-activity;sid:83769612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906517)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906517/; classtype:trojan-activity;sid:83769617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906507)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906507/; classtype:trojan-activity;sid:83769607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906511)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906511/; classtype:trojan-activity;sid:83769611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906499/; classtype:trojan-activity;sid:83769599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906500)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906500/; classtype:trojan-activity;sid:83769600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906488)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906488/; classtype:trojan-activity;sid:83769588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906492)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906492/; classtype:trojan-activity;sid:83769592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906478)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906478/; classtype:trojan-activity;sid:83769578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906481)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906481/; classtype:trojan-activity;sid:83769581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906473)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906473/; classtype:trojan-activity;sid:83769573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906475)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906475/; classtype:trojan-activity;sid:83769575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906470)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906470/; classtype:trojan-activity;sid:83769570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906460)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906460/; classtype:trojan-activity;sid:83769560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906452)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906452/; classtype:trojan-activity;sid:83769552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906454)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906454/; classtype:trojan-activity;sid:83769554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906447)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906447/; classtype:trojan-activity;sid:83769547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906437)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906437/; classtype:trojan-activity;sid:83769537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906426)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906426/; classtype:trojan-activity;sid:83769526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906429)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906429/; classtype:trojan-activity;sid:83769529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906424)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906424/; classtype:trojan-activity;sid:83769524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906415)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906415/; classtype:trojan-activity;sid:83769515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906417)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906417/; classtype:trojan-activity;sid:83769517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906407)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906407/; classtype:trojan-activity;sid:83769507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906408)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906408/; classtype:trojan-activity;sid:83769508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906410)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906410/; classtype:trojan-activity;sid:83769510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906396)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906396/; classtype:trojan-activity;sid:83769496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906398)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906398/; classtype:trojan-activity;sid:83769498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906401)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906401/; classtype:trojan-activity;sid:83769501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906388)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906388/; classtype:trojan-activity;sid:83769488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906389)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906389/; classtype:trojan-activity;sid:83769489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906391)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906391/; classtype:trojan-activity;sid:83769491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906392)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906392/; classtype:trojan-activity;sid:83769492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906393)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906393/; classtype:trojan-activity;sid:83769493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906379)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906379/; classtype:trojan-activity;sid:83769479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906385)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906385/; classtype:trojan-activity;sid:83769485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906367)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906367/; classtype:trojan-activity;sid:83769467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906361)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906361/; classtype:trojan-activity;sid:83769461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906362)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906362/; classtype:trojan-activity;sid:83769462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906363)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906363/; classtype:trojan-activity;sid:83769463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906348)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906348/; classtype:trojan-activity;sid:83769448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906356)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906356/; classtype:trojan-activity;sid:83769456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906335)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906335/; classtype:trojan-activity;sid:83769435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906339/; classtype:trojan-activity;sid:83769439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906341)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906341/; classtype:trojan-activity;sid:83769441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906331)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906331/; classtype:trojan-activity;sid:83769431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906329/; classtype:trojan-activity;sid:83769429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906301)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906301/; classtype:trojan-activity;sid:83769401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906302)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906302/; classtype:trojan-activity;sid:83769402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906303)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906303/; classtype:trojan-activity;sid:83769403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906304)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906304/; classtype:trojan-activity;sid:83769404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906307)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906307/; classtype:trojan-activity;sid:83769407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906308)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906308/; classtype:trojan-activity;sid:83769408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906311)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906311/; classtype:trojan-activity;sid:83769411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906314)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906314/; classtype:trojan-activity;sid:83769414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906291)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906291/; classtype:trojan-activity;sid:83769391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906292)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906292/; classtype:trojan-activity;sid:83769392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906295)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906295/; classtype:trojan-activity;sid:83769395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906299)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906299/; classtype:trojan-activity;sid:83769399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906281)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906281/; classtype:trojan-activity;sid:83769381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906282)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906282/; classtype:trojan-activity;sid:83769382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906284)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906284/; classtype:trojan-activity;sid:83769384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906288)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906288/; classtype:trojan-activity;sid:83769388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906289)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906289/; classtype:trojan-activity;sid:83769389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906268)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.230.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906268/; classtype:trojan-activity;sid:83769368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906270)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906270/; classtype:trojan-activity;sid:83769370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906272)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906272/; classtype:trojan-activity;sid:83769372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906276)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906276/; classtype:trojan-activity;sid:83769376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906259/; classtype:trojan-activity;sid:83769359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906260)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906260/; classtype:trojan-activity;sid:83769360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906244)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906244/; classtype:trojan-activity;sid:83769344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906251)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906251/; classtype:trojan-activity;sid:83769351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906253)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906253/; classtype:trojan-activity;sid:83769353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906254)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.24.228.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906254/; classtype:trojan-activity;sid:83769354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906231)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906231/; classtype:trojan-activity;sid:83769331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906234)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906234/; classtype:trojan-activity;sid:83769334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906236)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906236/; classtype:trojan-activity;sid:83769336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906237)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906237/; classtype:trojan-activity;sid:83769337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906239)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906239/; classtype:trojan-activity;sid:83769339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906240)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906240/; classtype:trojan-activity;sid:83769340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906222/; classtype:trojan-activity;sid:83769322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906195/; classtype:trojan-activity;sid:83769295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906145)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fxye6uflshc8.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.153.49.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906145/; classtype:trojan-activity;sid:83769245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905846)"; flow:established,from_client; content:"GET"; http_method; content:"/xfhd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.193.241.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905846/; classtype:trojan-activity;sid:83768946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905730/; classtype:trojan-activity;sid:83768830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905611)"; flow:established,from_client; content:"GET"; http_method; content:"/frielandrews892/file/releases/download/file/file.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905611/; classtype:trojan-activity;sid:83768711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"biancolevrin.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905610/; classtype:trojan-activity;sid:83768710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905609)"; flow:established,from_client; content:"GET"; http_method; content:"/frielandrews892/file/releases/download/installer/installer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905609/; classtype:trojan-activity;sid:83768709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905264)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905264/; classtype:trojan-activity;sid:83768364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905265)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905265/; classtype:trojan-activity;sid:83768365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905262)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905262/; classtype:trojan-activity;sid:83768362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905261)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905261/; classtype:trojan-activity;sid:83768361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905260)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905260/; classtype:trojan-activity;sid:83768360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905256)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905256/; classtype:trojan-activity;sid:83768356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905245)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905245/; classtype:trojan-activity;sid:83768345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905246)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905246/; classtype:trojan-activity;sid:83768346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905247)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905247/; classtype:trojan-activity;sid:83768347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905248)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905248/; classtype:trojan-activity;sid:83768348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905249)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905249/; classtype:trojan-activity;sid:83768349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905250)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905250/; classtype:trojan-activity;sid:83768350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905251)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905251/; classtype:trojan-activity;sid:83768351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905252)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905252/; classtype:trojan-activity;sid:83768352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905253)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905253/; classtype:trojan-activity;sid:83768353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905255)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905255/; classtype:trojan-activity;sid:83768355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905240)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905240/; classtype:trojan-activity;sid:83768340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905241)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905241/; classtype:trojan-activity;sid:83768341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905242)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905242/; classtype:trojan-activity;sid:83768342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905243)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905243/; classtype:trojan-activity;sid:83768343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905244)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905244/; classtype:trojan-activity;sid:83768344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905238)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905238/; classtype:trojan-activity;sid:83768338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905239)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905239/; classtype:trojan-activity;sid:83768339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905236)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905236/; classtype:trojan-activity;sid:83768336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905237)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905237/; classtype:trojan-activity;sid:83768337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905235)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905235/; classtype:trojan-activity;sid:83768335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905228)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905228/; classtype:trojan-activity;sid:83768328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905229)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905229/; classtype:trojan-activity;sid:83768329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905230)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905230/; classtype:trojan-activity;sid:83768330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905231)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905231/; classtype:trojan-activity;sid:83768331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905232)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905232/; classtype:trojan-activity;sid:83768332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905233)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905233/; classtype:trojan-activity;sid:83768333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905234)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905234/; classtype:trojan-activity;sid:83768334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905227)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905227/; classtype:trojan-activity;sid:83768327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905226)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905226/; classtype:trojan-activity;sid:83768326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905225)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905225/; classtype:trojan-activity;sid:83768325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905223)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905223/; classtype:trojan-activity;sid:83768323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905224)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905224/; classtype:trojan-activity;sid:83768324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905221)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905221/; classtype:trojan-activity;sid:83768321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905222)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905222/; classtype:trojan-activity;sid:83768322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905220)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905220/; classtype:trojan-activity;sid:83768320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905219/; classtype:trojan-activity;sid:83768319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905216)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905216/; classtype:trojan-activity;sid:83768316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905211)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905211/; classtype:trojan-activity;sid:83768311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905210)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905210/; classtype:trojan-activity;sid:83768310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905208)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905208/; classtype:trojan-activity;sid:83768308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905209)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905209/; classtype:trojan-activity;sid:83768309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905204)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905204/; classtype:trojan-activity;sid:83768304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905202)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905202/; classtype:trojan-activity;sid:83768302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905203)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905203/; classtype:trojan-activity;sid:83768303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905201)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905201/; classtype:trojan-activity;sid:83768301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905199)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905199/; classtype:trojan-activity;sid:83768299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905200)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905200/; classtype:trojan-activity;sid:83768300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905194/; classtype:trojan-activity;sid:83768294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905195)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905195/; classtype:trojan-activity;sid:83768295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905196)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905196/; classtype:trojan-activity;sid:83768296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905191/; classtype:trojan-activity;sid:83768291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905192)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905192/; classtype:trojan-activity;sid:83768292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905193)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905193/; classtype:trojan-activity;sid:83768293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905188)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905188/; classtype:trojan-activity;sid:83768288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905189)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905189/; classtype:trojan-activity;sid:83768289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905190)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905190/; classtype:trojan-activity;sid:83768290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905178)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905178/; classtype:trojan-activity;sid:83768278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905186)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905186/; classtype:trojan-activity;sid:83768286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905187/; classtype:trojan-activity;sid:83768287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905176)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905176/; classtype:trojan-activity;sid:83768276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905175)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.230.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905175/; classtype:trojan-activity;sid:83768275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905174)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905174/; classtype:trojan-activity;sid:83768274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905173)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905173/; classtype:trojan-activity;sid:83768273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905172)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905172/; classtype:trojan-activity;sid:83768272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905169)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.24.228.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905169/; classtype:trojan-activity;sid:83768269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905170)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905170/; classtype:trojan-activity;sid:83768270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905171)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905171/; classtype:trojan-activity;sid:83768271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905159)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905159/; classtype:trojan-activity;sid:83768259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905160)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.200.14.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905160/; classtype:trojan-activity;sid:83768260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905158)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905158/; classtype:trojan-activity;sid:83768258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905154)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905154/; classtype:trojan-activity;sid:83768254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905152)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.200.14.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905152/; classtype:trojan-activity;sid:83768252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905149)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905149/; classtype:trojan-activity;sid:83768249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905150)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905150/; classtype:trojan-activity;sid:83768250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905147)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905147/; classtype:trojan-activity;sid:83768247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905145)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905145/; classtype:trojan-activity;sid:83768245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905140)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.236.23.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905140/; classtype:trojan-activity;sid:83768240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905133)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905133/; classtype:trojan-activity;sid:83768233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905129/; classtype:trojan-activity;sid:83768229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905125)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905125/; classtype:trojan-activity;sid:83768225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905121)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905121/; classtype:trojan-activity;sid:83768221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905117)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.230.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905117/; classtype:trojan-activity;sid:83768217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905114)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905114/; classtype:trojan-activity;sid:83768214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905115)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905115/; classtype:trojan-activity;sid:83768215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905116)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.24.228.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905116/; classtype:trojan-activity;sid:83768216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905098)"; flow:established,from_client; content:"GET"; http_method; content:"/biltong19.ocx"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905098/; classtype:trojan-activity;sid:83768198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2904276)"; flow:established,from_client; content:"GET"; http_method; content:"/unplunderously.cur"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_24; reference:url, urlhaus.abuse.ch/url/2904276/; classtype:trojan-activity;sid:83767376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2904277)"; flow:established,from_client; content:"GET"; http_method; content:"/smles.aca"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_24; reference:url, urlhaus.abuse.ch/url/2904277/; classtype:trojan-activity;sid:83767377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2904278)"; flow:established,from_client; content:"GET"; http_method; content:"/skrifttegnet65.xtp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.195.237.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_24; reference:url, urlhaus.abuse.ch/url/2904278/; classtype:trojan-activity;sid:83767378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2904256)"; flow:established,from_client; content:"GET"; http_method; content:"/xfhpzefnhkob158.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"white.carsmartag.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_06_24; reference:url, urlhaus.abuse.ch/url/2904256/; classtype:trojan-activity;sid:83767356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2904258)"; flow:established,from_client; content:"GET"; http_method; content:"/fcgeqk229.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"white.carsmartag.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_06_24; reference:url, urlhaus.abuse.ch/url/2904258/; classtype:trojan-activity;sid:83767358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2903918)"; flow:established,from_client; content:"GET"; http_method; content:"/cs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.193.241.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_24; reference:url, urlhaus.abuse.ch/url/2903918/; classtype:trojan-activity;sid:83767018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2902723)"; flow:established,from_client; content:"GET"; http_method; content:"/nk3"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"101.42.158.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2902723/; classtype:trojan-activity;sid:83765823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2902438)"; flow:established,from_client; content:"GET"; http_method; content:"/02.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.71.147.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2902438/; classtype:trojan-activity;sid:83765538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2902437)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.71.147.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2902437/; classtype:trojan-activity;sid:83765537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2902428)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.71.147.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2902428/; classtype:trojan-activity;sid:83765528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2902368)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.53.55.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2902368/; classtype:trojan-activity;sid:83765468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2902246)"; flow:established,from_client; content:"GET"; http_method; content:"/jack.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.94.126.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2902246/; classtype:trojan-activity;sid:83765346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2901926/; classtype:trojan-activity;sid:83765026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.82.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2901791/; classtype:trojan-activity;sid:83764891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.79.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901327/; classtype:trojan-activity;sid:83764427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900550/; classtype:trojan-activity;sid:83763650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900548/; classtype:trojan-activity;sid:83763648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900017)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.59.248.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900017/; classtype:trojan-activity;sid:83763117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899910)"; flow:established,from_client; content:"GET"; http_method; content:"/16/items/new_image_202406/new_image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ia803405.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899910/; classtype:trojan-activity;sid:83763010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899853)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/qmu99juvu4mweyuw7e6kkw8mheocjzoem5nueb87fdfpeh"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ipfs.io"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899853/; classtype:trojan-activity;sid:83762953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.220.60.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899789/; classtype:trojan-activity;sid:83762889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899148)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899148/; classtype:trojan-activity;sid:83762248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899144)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899144/; classtype:trojan-activity;sid:83762244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899145)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899145/; classtype:trojan-activity;sid:83762245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899146)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899146/; classtype:trojan-activity;sid:83762246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899147)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899147/; classtype:trojan-activity;sid:83762247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899138)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899138/; classtype:trojan-activity;sid:83762238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899139)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899139/; classtype:trojan-activity;sid:83762239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899140)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899140/; classtype:trojan-activity;sid:83762240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899141)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899141/; classtype:trojan-activity;sid:83762241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899142)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899142/; classtype:trojan-activity;sid:83762242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899131)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899131/; classtype:trojan-activity;sid:83762231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899132)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899132/; classtype:trojan-activity;sid:83762232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899133)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899133/; classtype:trojan-activity;sid:83762233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899134)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899134/; classtype:trojan-activity;sid:83762234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899135)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899135/; classtype:trojan-activity;sid:83762235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899136)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899136/; classtype:trojan-activity;sid:83762236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899137)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899137/; classtype:trojan-activity;sid:83762237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899124)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899124/; classtype:trojan-activity;sid:83762224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899125)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899125/; classtype:trojan-activity;sid:83762225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899126)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899126/; classtype:trojan-activity;sid:83762226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899127)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899127/; classtype:trojan-activity;sid:83762227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899128)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899128/; classtype:trojan-activity;sid:83762228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899129)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899129/; classtype:trojan-activity;sid:83762229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899130)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899130/; classtype:trojan-activity;sid:83762230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899120)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899120/; classtype:trojan-activity;sid:83762220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899121)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899121/; classtype:trojan-activity;sid:83762221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899122)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899122/; classtype:trojan-activity;sid:83762222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899123)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899123/; classtype:trojan-activity;sid:83762223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899119)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899119/; classtype:trojan-activity;sid:83762219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899115)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899115/; classtype:trojan-activity;sid:83762215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899116)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899116/; classtype:trojan-activity;sid:83762216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899117)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899117/; classtype:trojan-activity;sid:83762217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899114)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899114/; classtype:trojan-activity;sid:83762214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899112)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899112/; classtype:trojan-activity;sid:83762212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899109)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899109/; classtype:trojan-activity;sid:83762209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899110)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899110/; classtype:trojan-activity;sid:83762210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899111)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899111/; classtype:trojan-activity;sid:83762211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899108)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899108/; classtype:trojan-activity;sid:83762208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899106)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899106/; classtype:trojan-activity;sid:83762206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899107)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899107/; classtype:trojan-activity;sid:83762207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899105)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899105/; classtype:trojan-activity;sid:83762205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899102)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899102/; classtype:trojan-activity;sid:83762202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899103)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899103/; classtype:trojan-activity;sid:83762203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899104)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899104/; classtype:trojan-activity;sid:83762204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899099)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899099/; classtype:trojan-activity;sid:83762199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899100)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899100/; classtype:trojan-activity;sid:83762200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899101)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899101/; classtype:trojan-activity;sid:83762201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899091)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899091/; classtype:trojan-activity;sid:83762191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899092)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899092/; classtype:trojan-activity;sid:83762192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899093)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899093/; classtype:trojan-activity;sid:83762193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899094)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899094/; classtype:trojan-activity;sid:83762194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899095)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"117.28.27.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899095/; classtype:trojan-activity;sid:83762195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899096)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899096/; classtype:trojan-activity;sid:83762196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899097)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899097/; classtype:trojan-activity;sid:83762197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899098)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899098/; classtype:trojan-activity;sid:83762198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899088)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899088/; classtype:trojan-activity;sid:83762188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899089)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899089/; classtype:trojan-activity;sid:83762189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899090)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899090/; classtype:trojan-activity;sid:83762190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899081)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899081/; classtype:trojan-activity;sid:83762181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899082)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899082/; classtype:trojan-activity;sid:83762182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899083)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899083/; classtype:trojan-activity;sid:83762183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899084)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899084/; classtype:trojan-activity;sid:83762184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899085)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.28.27.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899085/; classtype:trojan-activity;sid:83762185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899086)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899086/; classtype:trojan-activity;sid:83762186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899087)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899087/; classtype:trojan-activity;sid:83762187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899076)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899076/; classtype:trojan-activity;sid:83762176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899077)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899077/; classtype:trojan-activity;sid:83762177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899078)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899078/; classtype:trojan-activity;sid:83762178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899079)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899079/; classtype:trojan-activity;sid:83762179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899080)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899080/; classtype:trojan-activity;sid:83762180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899074)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899074/; classtype:trojan-activity;sid:83762174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899075)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"117.28.27.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899075/; classtype:trojan-activity;sid:83762175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899073)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899073/; classtype:trojan-activity;sid:83762173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899068)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899068/; classtype:trojan-activity;sid:83762168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899069)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899069/; classtype:trojan-activity;sid:83762169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899070)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899070/; classtype:trojan-activity;sid:83762170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899071)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899071/; classtype:trojan-activity;sid:83762171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899072)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899072/; classtype:trojan-activity;sid:83762172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899067)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899067/; classtype:trojan-activity;sid:83762167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899066)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899066/; classtype:trojan-activity;sid:83762166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899054)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899054/; classtype:trojan-activity;sid:83762154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899055)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899055/; classtype:trojan-activity;sid:83762155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899056)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899056/; classtype:trojan-activity;sid:83762156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899057)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899057/; classtype:trojan-activity;sid:83762157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899058)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899058/; classtype:trojan-activity;sid:83762158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899059)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899059/; classtype:trojan-activity;sid:83762159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899060)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899060/; classtype:trojan-activity;sid:83762160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899061)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899061/; classtype:trojan-activity;sid:83762161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899062)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899062/; classtype:trojan-activity;sid:83762162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899063)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899063/; classtype:trojan-activity;sid:83762163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899064)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899064/; classtype:trojan-activity;sid:83762164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899065)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899065/; classtype:trojan-activity;sid:83762165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899048)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899048/; classtype:trojan-activity;sid:83762148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899049)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899049/; classtype:trojan-activity;sid:83762149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899050)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899050/; classtype:trojan-activity;sid:83762150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899051)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899051/; classtype:trojan-activity;sid:83762151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899052)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899052/; classtype:trojan-activity;sid:83762152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899053)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899053/; classtype:trojan-activity;sid:83762153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899047)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899047/; classtype:trojan-activity;sid:83762147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899046)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899046/; classtype:trojan-activity;sid:83762146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899044)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899044/; classtype:trojan-activity;sid:83762144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899045)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899045/; classtype:trojan-activity;sid:83762145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899043)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899043/; classtype:trojan-activity;sid:83762143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899042)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899042/; classtype:trojan-activity;sid:83762142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899041)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899041/; classtype:trojan-activity;sid:83762141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899040)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899040/; classtype:trojan-activity;sid:83762140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899039)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899039/; classtype:trojan-activity;sid:83762139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899036)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899036/; classtype:trojan-activity;sid:83762136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899037)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899037/; classtype:trojan-activity;sid:83762137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899038)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899038/; classtype:trojan-activity;sid:83762138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899024)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899024/; classtype:trojan-activity;sid:83762124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899025)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899025/; classtype:trojan-activity;sid:83762125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899026)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899026/; classtype:trojan-activity;sid:83762126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899027)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899027/; classtype:trojan-activity;sid:83762127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899028)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899028/; classtype:trojan-activity;sid:83762128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899029)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899029/; classtype:trojan-activity;sid:83762129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899030)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899030/; classtype:trojan-activity;sid:83762130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899031)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899031/; classtype:trojan-activity;sid:83762131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899032)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899032/; classtype:trojan-activity;sid:83762132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899033)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899033/; classtype:trojan-activity;sid:83762133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899034)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899034/; classtype:trojan-activity;sid:83762134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899035)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899035/; classtype:trojan-activity;sid:83762135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899022)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899022/; classtype:trojan-activity;sid:83762122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899023)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899023/; classtype:trojan-activity;sid:83762123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899019)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899019/; classtype:trojan-activity;sid:83762119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899020)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899020/; classtype:trojan-activity;sid:83762120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899021)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899021/; classtype:trojan-activity;sid:83762121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899012)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899012/; classtype:trojan-activity;sid:83762112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899013)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899013/; classtype:trojan-activity;sid:83762113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899014)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899014/; classtype:trojan-activity;sid:83762114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899015)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899015/; classtype:trojan-activity;sid:83762115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899016)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899016/; classtype:trojan-activity;sid:83762116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899017)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899017/; classtype:trojan-activity;sid:83762117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899018)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899018/; classtype:trojan-activity;sid:83762118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899009)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899009/; classtype:trojan-activity;sid:83762109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899010)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899010/; classtype:trojan-activity;sid:83762110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899011)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899011/; classtype:trojan-activity;sid:83762111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899008)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899008/; classtype:trojan-activity;sid:83762108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899006)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899006/; classtype:trojan-activity;sid:83762106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899007)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899007/; classtype:trojan-activity;sid:83762107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899005)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899005/; classtype:trojan-activity;sid:83762105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899004)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899004/; classtype:trojan-activity;sid:83762104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899003)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899003/; classtype:trojan-activity;sid:83762103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898998)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898998/; classtype:trojan-activity;sid:83762098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898999)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.23.215.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898999/; classtype:trojan-activity;sid:83762099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899000)"; flow:established,from_client; content:"GET"; http_method; content:"/downdd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.23.215.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899000/; classtype:trojan-activity;sid:83762100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899001)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2899001/; classtype:trojan-activity;sid:83762101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898942)"; flow:established,from_client; content:"GET"; http_method; content:"//ssl/crt.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lop.foxesjoy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898942/; classtype:trojan-activity;sid:83762042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.230.28.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898887/; classtype:trojan-activity;sid:83761987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.230.28.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898863/; classtype:trojan-activity;sid:83761963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898841/; classtype:trojan-activity;sid:83761941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898814)"; flow:established,from_client; content:"GET"; http_method; content:"/fury-os/fury_kms/releases/download/v.1.6.0/furykms_v.1.6.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898814/; classtype:trojan-activity;sid:83761914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898705)"; flow:established,from_client; content:"GET"; http_method; content:"/wzoptup.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898705/; classtype:trojan-activity;sid:83761805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898703)"; flow:established,from_client; content:"GET"; http_method; content:"/wezoautoup.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898703/; classtype:trojan-activity;sid:83761803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898702)"; flow:established,from_client; content:"GET"; http_method; content:"/vncdbnt.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898702/; classtype:trojan-activity;sid:83761802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898700)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kyhzi3xskc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pastebin.ai"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898700/; classtype:trojan-activity;sid:83761800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898687/; classtype:trojan-activity;sid:83761787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898307)"; flow:established,from_client; content:"GET"; http_method; content:"/downuhz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898307/; classtype:trojan-activity;sid:83761407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898306)"; flow:established,from_client; content:"GET"; http_method; content:"/downchrome.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898306/; classtype:trojan-activity;sid:83761406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898305)"; flow:established,from_client; content:"GET"; http_method; content:"/downzhw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898305/; classtype:trojan-activity;sid:83761405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898297)"; flow:established,from_client; content:"GET"; http_method; content:"/downggzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898297/; classtype:trojan-activity;sid:83761397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898298)"; flow:established,from_client; content:"GET"; http_method; content:"/downsyssoft.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898298/; classtype:trojan-activity;sid:83761398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898299)"; flow:established,from_client; content:"GET"; http_method; content:"/downcomgame.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898299/; classtype:trojan-activity;sid:83761399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898300)"; flow:established,from_client; content:"GET"; http_method; content:"/downxunyou.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898300/; classtype:trojan-activity;sid:83761400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898301)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzhup1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898301/; classtype:trojan-activity;sid:83761401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898302)"; flow:established,from_client; content:"GET"; http_method; content:"/downty.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898302/; classtype:trojan-activity;sid:83761402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898303)"; flow:established,from_client; content:"GET"; http_method; content:"/downaqzh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898303/; classtype:trojan-activity;sid:83761403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898304)"; flow:established,from_client; content:"GET"; http_method; content:"/downsteamcommunity.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898304/; classtype:trojan-activity;sid:83761404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898295)"; flow:established,from_client; content:"GET"; http_method; content:"/culclientup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898295/; classtype:trojan-activity;sid:83761395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898296)"; flow:established,from_client; content:"GET"; http_method; content:"/xunyouup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898296/; classtype:trojan-activity;sid:83761396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898294)"; flow:established,from_client; content:"GET"; http_method; content:"/dbzclientupdate.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898294/; classtype:trojan-activity;sid:83761394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898293)"; flow:established,from_client; content:"GET"; http_method; content:"/clear.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898293/; classtype:trojan-activity;sid:83761393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898136)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.113.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898136/; classtype:trojan-activity;sid:83761236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.106.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2897980/; classtype:trojan-activity;sid:83761080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897402)"; flow:established,from_client; content:"GET"; http_method; content:"/zhw10.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.61.248.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897402/; classtype:trojan-activity;sid:83760502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897401)"; flow:established,from_client; content:"GET"; http_method; content:"/zhw11.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.61.248.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897401/; classtype:trojan-activity;sid:83760501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.56.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897167/; classtype:trojan-activity;sid:83760267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896954)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896954/; classtype:trojan-activity;sid:83760054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896955)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896955/; classtype:trojan-activity;sid:83760055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896956)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896956/; classtype:trojan-activity;sid:83760056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896950)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896950/; classtype:trojan-activity;sid:83760050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896951)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896951/; classtype:trojan-activity;sid:83760051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896948/; classtype:trojan-activity;sid:83760048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2895458)"; flow:established,from_client; content:"GET"; http_method; content:"/%c4%a7%be%a7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"112.74.185.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_18; reference:url, urlhaus.abuse.ch/url/2895458/; classtype:trojan-activity;sid:83758558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2895457)"; flow:established,from_client; content:"GET"; http_method; content:"/3r%bc%bc%ca%f5.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"112.74.185.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_18; reference:url, urlhaus.abuse.ch/url/2895457/; classtype:trojan-activity;sid:83758557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894473)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"198.255.193.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894473/; classtype:trojan-activity;sid:83757573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2892223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2892223/; classtype:trojan-activity;sid:83755323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891837)"; flow:established,from_client; content:"GET"; http_method; content:"/adobe.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.76.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891837/; classtype:trojan-activity;sid:83754937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891765)"; flow:established,from_client; content:"GET"; http_method; content:"/hack"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.134.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891765/; classtype:trojan-activity;sid:83754865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891764)"; flow:established,from_client; content:"GET"; http_method; content:"/diamorphine-master.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.134.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891764/; classtype:trojan-activity;sid:83754864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891762)"; flow:established,from_client; content:"GET"; http_method; content:"/cc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"43.134.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891762/; classtype:trojan-activity;sid:83754862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"43.134.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891763/; classtype:trojan-activity;sid:83754863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891705)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/clientcaller.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891705/; classtype:trojan-activity;sid:83754805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891703)"; flow:established,from_client; content:"GET"; http_method; content:"/clientcaller.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891703/; classtype:trojan-activity;sid:83754803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2890179)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%91%e9%80%8f.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"180.163.61.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_15; reference:url, urlhaus.abuse.ch/url/2890179/; classtype:trojan-activity;sid:83753279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2890090)"; flow:established,from_client; content:"GET"; http_method; content:"/a5d6cca28de4d6e521137acca4bc8d71.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"47.102.104.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_15; reference:url, urlhaus.abuse.ch/url/2890090/; classtype:trojan-activity;sid:83753190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2889183)"; flow:established,from_client; content:"GET"; http_method; content:"/aact.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.229.86.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2889183/; classtype:trojan-activity;sid:83752283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888893)"; flow:established,from_client; content:"GET"; http_method; content:"/c.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.70.149.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888893/; classtype:trojan-activity;sid:83751993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888657)"; flow:established,from_client; content:"GET"; http_method; content:"/nn.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.223.22.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888657/; classtype:trojan-activity;sid:83751757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888648)"; flow:established,from_client; content:"GET"; http_method; content:"/q.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888648/; classtype:trojan-activity;sid:83751748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888500)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"120.46.35.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888500/; classtype:trojan-activity;sid:83751600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888481)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.35.99.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888481/; classtype:trojan-activity;sid:83751581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888480)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.71.73.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888480/; classtype:trojan-activity;sid:83751580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888479)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.215.245.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888479/; classtype:trojan-activity;sid:83751579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.175.183.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888475)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.160.249.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888475/; classtype:trojan-activity;sid:83751575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888474)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888474/; classtype:trojan-activity;sid:83751574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888471)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.52.247.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888471/; classtype:trojan-activity;sid:83751571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888469)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.244.110.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888469/; classtype:trojan-activity;sid:83751569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.178.133.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888461)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"119.45.173.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888461/; classtype:trojan-activity;sid:83751561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888460)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888460/; classtype:trojan-activity;sid:83751560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888459)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.27.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888459/; classtype:trojan-activity;sid:83751559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888458)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888458/; classtype:trojan-activity;sid:83751558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888457)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.155.196.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888457/; classtype:trojan-activity;sid:83751557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888456/; classtype:trojan-activity;sid:83751556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888447)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.28.26.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888447/; classtype:trojan-activity;sid:83751547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888448)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.142.91.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888448/; classtype:trojan-activity;sid:83751548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888445)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888445/; classtype:trojan-activity;sid:83751545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888443)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.182.69.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888443/; classtype:trojan-activity;sid:83751543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888440/; classtype:trojan-activity;sid:83751540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888431)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.163.102.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888431/; classtype:trojan-activity;sid:83751531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888267)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.108.182.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888267/; classtype:trojan-activity;sid:83751367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888266)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.108.182.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888266/; classtype:trojan-activity;sid:83751366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888264)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.108.182.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888264/; classtype:trojan-activity;sid:83751364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888260)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.108.182.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888260/; classtype:trojan-activity;sid:83751360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888261)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.108.182.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888261/; classtype:trojan-activity;sid:83751361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888263)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.108.182.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888263/; classtype:trojan-activity;sid:83751363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888257)"; flow:established,from_client; content:"GET"; http_method; content:"/products/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888257/; classtype:trojan-activity;sid:83751357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888254)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888254/; classtype:trojan-activity;sid:83751354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888251)"; flow:established,from_client; content:"GET"; http_method; content:"/products/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888251/; classtype:trojan-activity;sid:83751351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888252)"; flow:established,from_client; content:"GET"; http_method; content:"/products/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888252/; classtype:trojan-activity;sid:83751352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888253)"; flow:established,from_client; content:"GET"; http_method; content:"/products/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888253/; classtype:trojan-activity;sid:83751353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888247)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888247/; classtype:trojan-activity;sid:83751347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888248)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888248/; classtype:trojan-activity;sid:83751348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888249)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888249/; classtype:trojan-activity;sid:83751349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888250)"; flow:established,from_client; content:"GET"; http_method; content:"/products/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.162.43.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888250/; classtype:trojan-activity;sid:83751350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888078)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/hellminer-win64/main/hellminer.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888078/; classtype:trojan-activity;sid:83751178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888077)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/hellminer-win64/raw/main/hellminer.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888077/; classtype:trojan-activity;sid:83751177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888072)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/config/raw/main/advancedrun.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888072/; classtype:trojan-activity;sid:83751172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888073)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/config/main/script-ps"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888073/; classtype:trojan-activity;sid:83751173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888074)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/nircmd-nircmd/raw/main/nircmd.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888074/; classtype:trojan-activity;sid:83751174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888075)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/hellminer-win64/raw/main/verus-solver.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888075/; classtype:trojan-activity;sid:83751175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888076)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/hellminer-win64/main/verus-solver.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888076/; classtype:trojan-activity;sid:83751176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888067)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/config/raw/main/disable_all_windows_security_notifications_for_all_users.reg"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888067/; classtype:trojan-activity;sid:83751167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888068)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/config/main/start-miner.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888068/; classtype:trojan-activity;sid:83751168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888070)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/nircmd-nircmd/main/nircmd.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888070/; classtype:trojan-activity;sid:83751170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888071)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/config/main/advancedrun.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888071/; classtype:trojan-activity;sid:83751171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888065)"; flow:established,from_client; content:"GET"; http_method; content:"/mybay1/config/main/disable_all_windows_security_notifications_for_all_users.reg"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888065/; classtype:trojan-activity;sid:83751165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888016)"; flow:established,from_client; content:"GET"; http_method; content:"/ade4f437.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"106.14.143.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888016/; classtype:trojan-activity;sid:83751116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888012)"; flow:established,from_client; content:"GET"; http_method; content:"/ade4f437.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"49.232.20.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888012/; classtype:trojan-activity;sid:83751112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888001)"; flow:established,from_client; content:"GET"; http_method; content:"/asusdebug.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.14.143.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888001/; classtype:trojan-activity;sid:83751101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2886550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.109.148.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2886550/; classtype:trojan-activity;sid:83749650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2886333)"; flow:established,from_client; content:"GET"; http_method; content:"/xcrtcuidlq29.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"109.248.151.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2886333/; classtype:trojan-activity;sid:83749433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885017)"; flow:established,from_client; content:"GET"; http_method; content:"/smug246/luna-grabber-injection/main/injection-obfuscated.js"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_12; reference:url, urlhaus.abuse.ch/url/2885017/; classtype:trojan-activity;sid:83748117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.39.146.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_12; reference:url, urlhaus.abuse.ch/url/2885006/; classtype:trojan-activity;sid:83748106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2884532)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.47.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_12; reference:url, urlhaus.abuse.ch/url/2884532/; classtype:trojan-activity;sid:83747632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2884517)"; flow:established,from_client; content:"GET"; http_method; content:"/watchdog.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.47.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_12; reference:url, urlhaus.abuse.ch/url/2884517/; classtype:trojan-activity;sid:83747617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883765)"; flow:established,from_client; content:"GET"; http_method; content:"/uphoarding.hhp"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.atordeg.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883765/; classtype:trojan-activity;sid:83746865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883029)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qjelrqkppetcr9jqmqsmjr0vgbpipvrh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883029/; classtype:trojan-activity;sid:83746129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883027)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1the4ifkgjuyy5svnu6u_kmffxomo6y55"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883027/; classtype:trojan-activity;sid:83746127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2882403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.247.215.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2882403/; classtype:trojan-activity;sid:83745503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2882153)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.105.66.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2882153/; classtype:trojan-activity;sid:83745253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881923)"; flow:established,from_client; content:"GET"; http_method; content:"/conhost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.47.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881923/; classtype:trojan-activity;sid:83745023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881832)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gravity_forms/h/d/b/g/xxfpgknqacxparvna127.bin"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"www.innovativebuildingsolutions.in"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881832/; classtype:trojan-activity;sid:83744932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881830)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gravity_forms/h/d/b/g/skilret158.emz"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.innovativebuildingsolutions.in"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881830/; classtype:trojan-activity;sid:83744930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.149.165.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_09; reference:url, urlhaus.abuse.ch/url/2881081/; classtype:trojan-activity;sid:83744181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2880903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.225.84.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_09; reference:url, urlhaus.abuse.ch/url/2880903/; classtype:trojan-activity;sid:83744003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879955)"; flow:established,from_client; content:"GET"; http_method; content:"/unp%20setup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.138.125.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879955/; classtype:trojan-activity;sid:83743055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879934)"; flow:established,from_client; content:"GET"; http_method; content:"/19288exe.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"148.135.35.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879934/; classtype:trojan-activity;sid:83743034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879926)"; flow:established,from_client; content:"GET"; http_method; content:"/ladon401.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"148.135.35.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879926/; classtype:trojan-activity;sid:83743026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879904)"; flow:established,from_client; content:"GET"; http_method; content:"//c.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.70.149.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879904/; classtype:trojan-activity;sid:83743004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879895)"; flow:established,from_client; content:"GET"; http_method; content:"/1001.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.199.101.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879895/; classtype:trojan-activity;sid:83742995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879886)"; flow:established,from_client; content:"GET"; http_method; content:"/pwnkit"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.71.224.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879886/; classtype:trojan-activity;sid:83742986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879883)"; flow:established,from_client; content:"GET"; http_method; content:"/pwnkit"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.204.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879883/; classtype:trojan-activity;sid:83742983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879850)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.51.240.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879850/; classtype:trojan-activity;sid:83742950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879846)"; flow:established,from_client; content:"GET"; http_method; content:"/cve/cve-2021-4034"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879846/; classtype:trojan-activity;sid:83742946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879845)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879845/; classtype:trojan-activity;sid:83742945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879842)"; flow:established,from_client; content:"GET"; http_method; content:"/sqltools.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"148.135.35.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879842/; classtype:trojan-activity;sid:83742942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879773)"; flow:established,from_client; content:"GET"; http_method; content:"/q.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879773/; classtype:trojan-activity;sid:83742873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879683)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.101.160.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879683/; classtype:trojan-activity;sid:83742783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879531)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.149.81.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879531/; classtype:trojan-activity;sid:83742631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879122)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.75.33.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879122/; classtype:trojan-activity;sid:83742222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2878143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.106.91.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2878143/; classtype:trojan-activity;sid:83741243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877962)"; flow:established,from_client; content:"GET"; http_method; content:"/images/8fc809.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jtpdev.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877962/; classtype:trojan-activity;sid:83741062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877697)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.110.57.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877697/; classtype:trojan-activity;sid:83740797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877425)"; flow:established,from_client; content:"GET"; http_method; content:"/images/8fc809.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jtpdev.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877425/; classtype:trojan-activity;sid:83740525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877333)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=be74a2a80f46402f%21108|7c|26|7c|authkey=!apakrcjm7r_t5aa"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877333/; classtype:trojan-activity;sid:83740433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877319)"; flow:established,from_client; content:"GET"; http_method; content:"/slade107.psm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877319/; classtype:trojan-activity;sid:83740419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877305)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/1311"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.138.183.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877305/; classtype:trojan-activity;sid:83740405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2876256)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.102.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2876256/; classtype:trojan-activity;sid:83739356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2876151)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.9.30.119"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2876151/; classtype:trojan-activity;sid:83739251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875723)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/dllxf3.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875723/; classtype:trojan-activity;sid:83738823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875722)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/pef3dir.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875722/; classtype:trojan-activity;sid:83738822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.149.165.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875370/; classtype:trojan-activity;sid:83738470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874516)"; flow:established,from_client; content:"GET"; http_method; content:"/o.elf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"reusable-flex.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874516/; classtype:trojan-activity;sid:83737616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874515)"; flow:established,from_client; content:"GET"; http_method; content:"/bao3125/32/main/d-obf.bat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874515/; classtype:trojan-activity;sid:83737615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.217.109.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874191/; classtype:trojan-activity;sid:83737291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874113)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gravity_forms/h/d/b/g/archvisitor.cur"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"www.innovativebuildingsolutions.in"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874113/; classtype:trojan-activity;sid:83737213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; content:"GET"; http_method; content:"/walesboller.pcx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873022)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/wowpg1oatbah46366ug5n/cheatrun_is.zip|3f|rlkey=dbrm55ylg3gy4bby3zf9zxfih|7c|26|7c|st=0mn4yho2|7c|26|7c|dl=0"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2873022/; classtype:trojan-activity;sid:83736122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872943)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=7eb674a88ccf381d%21552|7c|26|7c|authkey=!ah8ykhc8fseogq0"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872943/; classtype:trojan-activity;sid:83736043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872938)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=7eb674a88ccf381d%21554|7c|26|7c|authkey=!al2jzv2j-kuxnxi"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872938/; classtype:trojan-activity;sid:83736038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872939)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=7eb674a88ccf381d%21553|7c|26|7c|authkey=!am3kf8wmh98xn0y"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872939/; classtype:trojan-activity;sid:83736039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872937)"; flow:established,from_client; content:"GET"; http_method; content:"/sakulya.ttf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"criapediatria.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872937/; classtype:trojan-activity;sid:83736037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872936)"; flow:established,from_client; content:"GET"; http_method; content:"/diucjt232.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"criapediatria.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872936/; classtype:trojan-activity;sid:83736036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872931)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gravity_forms/h/d/b/g/iyabkwohzxhpu151.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"www.innovativebuildingsolutions.in"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872931/; classtype:trojan-activity;sid:83736031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872929)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gravity_forms/h/d/b/g/udplantningen.u32"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"www.innovativebuildingsolutions.in"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872929/; classtype:trojan-activity;sid:83736029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872895)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"110.42.248.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872895/; classtype:trojan-activity;sid:83735995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2871943)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"39.174.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_02; reference:url, urlhaus.abuse.ch/url/2871943/; classtype:trojan-activity;sid:83735043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2871782)"; flow:established,from_client; content:"GET"; http_method; content:"/iterative/scp/3.7.1.0516/shared/scp.desktop.client.issueview.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"es-update.digiwincloud.com.cn"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_02; reference:url, urlhaus.abuse.ch/url/2871782/; classtype:trojan-activity;sid:83734882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2871411)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18opq2_cuhgvezldmmbuzkt3tp3u8sgr_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_01; reference:url, urlhaus.abuse.ch/url/2871411/; classtype:trojan-activity;sid:83734511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2871410)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12gxtnsqsjokneqetkvk1a99fni-es6ir"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_01; reference:url, urlhaus.abuse.ch/url/2871410/; classtype:trojan-activity;sid:83734510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870381)"; flow:established,from_client; content:"GET"; http_method; content:"/totalsecurity/360ts_setup_mini_ww.peter.cpi202405_6.6.0.1060.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"free.360totalsecurity.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870381/; classtype:trojan-activity;sid:83733481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.229.174.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870335/; classtype:trojan-activity;sid:83733435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870316/; classtype:trojan-activity;sid:83733416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870242)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pvgvrcomccqllrfbaaxotcp-gyyh3onz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870242/; classtype:trojan-activity;sid:83733342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ur2ibphmxipkxb5ernf34acfzzj2jga4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870240/; classtype:trojan-activity;sid:83733340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mtywxnmyuae6tez8rxi5wguzpkogpolg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870241/; classtype:trojan-activity;sid:83733341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870238)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1q2fszfukk1d8mxwia7wy6u4fse2vz07h"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870238/; classtype:trojan-activity;sid:83733338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870236)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=189v0fzraz5hlsqtg0u3kqk-8sytfofju"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870236/; classtype:trojan-activity;sid:83733336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870229)"; flow:established,from_client; content:"GET"; http_method; content:"/download/40/4a6ca328-7888-3279-b672-d1d9d0a46ee2/gta_v.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"softcatalog.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870229/; classtype:trojan-activity;sid:83733329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870209)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.92.223.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870209/; classtype:trojan-activity;sid:83733309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.214.81.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869638/; classtype:trojan-activity;sid:83732738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869439)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"47.98.188.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2869439/; classtype:trojan-activity;sid:83732539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869436)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2869436/; classtype:trojan-activity;sid:83732536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868847)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dahmfv126.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868847/; classtype:trojan-activity;sid:83731947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868722)"; flow:established,from_client; content:"GET"; http_method; content:"/batch.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868722/; classtype:trojan-activity;sid:83731822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868720)"; flow:established,from_client; content:"GET"; http_method; content:"/coreminer-linux-x86_64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868720/; classtype:trojan-activity;sid:83731820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868719)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordopaddcrontab.psl"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868719/; classtype:trojan-activity;sid:83731819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868710)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordop.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868710/; classtype:trojan-activity;sid:83731810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868714)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellxlies.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868714/; classtype:trojan-activity;sid:83731814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868624)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.185.229.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868624/; classtype:trojan-activity;sid:83731724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868531)"; flow:established,from_client; content:"GET"; http_method; content:"/zlibirarydztsg.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"1.bdl99down.kukulaa.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868531/; classtype:trojan-activity;sid:83731631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868133)"; flow:established,from_client; content:"GET"; http_method; content:"/clearkhdyy.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_29; reference:url, urlhaus.abuse.ch/url/2868133/; classtype:trojan-activity;sid:83731233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868132)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/4887fro36c2bdkkhpysx6/cheatrun_is.zip|3f|rlkey=kxh3zmbphzh2pwgyuto8f3vcb|7c|26|7c|st=m241yvsn|7c|26|7c|dl=0"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_29; reference:url, urlhaus.abuse.ch/url/2868132/; classtype:trojan-activity;sid:83731232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868131)"; flow:established,from_client; content:"GET"; http_method; content:"/delhosts.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"36.249.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_29; reference:url, urlhaus.abuse.ch/url/2868131/; classtype:trojan-activity;sid:83731231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868079)"; flow:established,from_client; content:"GET"; http_method; content:"/delhosts.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.23.215.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_29; reference:url, urlhaus.abuse.ch/url/2868079/; classtype:trojan-activity;sid:83731179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868078)"; flow:established,from_client; content:"GET"; http_method; content:"/clearkhdyy.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.23.215.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_29; reference:url, urlhaus.abuse.ch/url/2868078/; classtype:trojan-activity;sid:83731178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867761)"; flow:established,from_client; content:"GET"; http_method; content:"/mipshell"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.35.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_29; reference:url, urlhaus.abuse.ch/url/2867761/; classtype:trojan-activity;sid:83730861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867758)"; flow:established,from_client; content:"GET"; http_method; content:"/mipselshell"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"209.141.35.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_29; reference:url, urlhaus.abuse.ch/url/2867758/; classtype:trojan-activity;sid:83730858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867204)"; flow:established,from_client; content:"GET"; http_method; content:"/111"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867204/; classtype:trojan-activity;sid:83730304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867194)"; flow:established,from_client; content:"GET"; http_method; content:"/bbb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867194/; classtype:trojan-activity;sid:83730294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867195)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867195/; classtype:trojan-activity;sid:83730295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867196)"; flow:established,from_client; content:"GET"; http_method; content:"/222"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867196/; classtype:trojan-activity;sid:83730296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867197)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867197/; classtype:trojan-activity;sid:83730297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867198)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867198/; classtype:trojan-activity;sid:83730298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867199)"; flow:established,from_client; content:"GET"; http_method; content:"/c6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867199/; classtype:trojan-activity;sid:83730299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867200)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867200/; classtype:trojan-activity;sid:83730300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867201)"; flow:established,from_client; content:"GET"; http_method; content:"/33"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867201/; classtype:trojan-activity;sid:83730301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867202)"; flow:established,from_client; content:"GET"; http_method; content:"/bb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867202/; classtype:trojan-activity;sid:83730302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867203)"; flow:established,from_client; content:"GET"; http_method; content:"/cc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867203/; classtype:trojan-activity;sid:83730303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2866516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.215.248.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2866516/; classtype:trojan-activity;sid:83729616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865473)"; flow:established,from_client; content:"GET"; http_method; content:"/download/cli/latest/linux_armv7l/pawns-cli"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"cdn.pawns.app"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865473/; classtype:trojan-activity;sid:83728573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864267)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864267/; classtype:trojan-activity;sid:83727367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864266)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864266/; classtype:trojan-activity;sid:83727366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864260)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"3.109.239.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864260/; classtype:trojan-activity;sid:83727360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864261/; classtype:trojan-activity;sid:83727361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864262)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864262/; classtype:trojan-activity;sid:83727362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864256)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.120.175.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864256/; classtype:trojan-activity;sid:83727356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864245)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864245/; classtype:trojan-activity;sid:83727345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864246)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864246/; classtype:trojan-activity;sid:83727346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864247)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864247/; classtype:trojan-activity;sid:83727347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864249)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864249/; classtype:trojan-activity;sid:83727349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864252)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864252/; classtype:trojan-activity;sid:83727352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864253)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864253/; classtype:trojan-activity;sid:83727353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864254)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864254/; classtype:trojan-activity;sid:83727354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864255)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864255/; classtype:trojan-activity;sid:83727355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864244/; classtype:trojan-activity;sid:83727344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863534)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863534/; classtype:trojan-activity;sid:83726634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863383)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.48.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863383/; classtype:trojan-activity;sid:83726483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863375/; classtype:trojan-activity;sid:83726475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.10.233.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863372/; classtype:trojan-activity;sid:83726472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863373)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863373/; classtype:trojan-activity;sid:83726473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863371)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863371/; classtype:trojan-activity;sid:83726471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863363)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863363/; classtype:trojan-activity;sid:83726463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863366)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863366/; classtype:trojan-activity;sid:83726466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863359)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863359/; classtype:trojan-activity;sid:83726459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863360)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863360/; classtype:trojan-activity;sid:83726460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863362)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863362/; classtype:trojan-activity;sid:83726462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863358)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863358/; classtype:trojan-activity;sid:83726458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863357)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863357/; classtype:trojan-activity;sid:83726457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863354/; classtype:trojan-activity;sid:83726454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863355/; classtype:trojan-activity;sid:83726455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863343)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863343/; classtype:trojan-activity;sid:83726443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863323/; classtype:trojan-activity;sid:83726423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863326/; classtype:trojan-activity;sid:83726426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863328/; classtype:trojan-activity;sid:83726428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863331)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863331/; classtype:trojan-activity;sid:83726431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863332)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863332/; classtype:trojan-activity;sid:83726432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.57.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863335)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863335/; classtype:trojan-activity;sid:83726435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863339)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863339/; classtype:trojan-activity;sid:83726439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863340)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863340/; classtype:trojan-activity;sid:83726440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863321/; classtype:trojan-activity;sid:83726421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863322/; classtype:trojan-activity;sid:83726422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862297)"; flow:established,from_client; content:"GET"; http_method; content:"/wxijgyp.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862297/; classtype:trojan-activity;sid:83725397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862260)"; flow:established,from_client; content:"GET"; http_method; content:"/twsyquusdi4tqgwyy527277727q7qq7qeuingyujo.doc"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"bafybeidc67axv337ni24dprmx7f42twqeqrvahpmhogdtawzng5eytszme.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862260/; classtype:trojan-activity;sid:83725360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862108)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"182.239.84.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862108/; classtype:trojan-activity;sid:83725208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862101)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"182.239.84.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862101/; classtype:trojan-activity;sid:83725201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862102)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"182.239.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862102/; classtype:trojan-activity;sid:83725202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862103)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"194.105.59.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862103/; classtype:trojan-activity;sid:83725203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862104)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"182.239.84.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862104/; classtype:trojan-activity;sid:83725204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862105)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"182.239.84.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862105/; classtype:trojan-activity;sid:83725205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862106)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"182.239.84.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862106/; classtype:trojan-activity;sid:83725206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862107)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"125.168.166.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862107/; classtype:trojan-activity;sid:83725207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/medjl1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862046)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/6f2c5c"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862046/; classtype:trojan-activity;sid:83725146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862022/; classtype:trojan-activity;sid:83725122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862018)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862018/; classtype:trojan-activity;sid:83725118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862016)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862016/; classtype:trojan-activity;sid:83725116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862002)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862002/; classtype:trojan-activity;sid:83725102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.202.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862005/; classtype:trojan-activity;sid:83725105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862011/; classtype:trojan-activity;sid:83725111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862013)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862013/; classtype:trojan-activity;sid:83725113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861994)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861994/; classtype:trojan-activity;sid:83725094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861995)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.158.46.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861995/; classtype:trojan-activity;sid:83725095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861996)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.127.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861996/; classtype:trojan-activity;sid:83725096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861998)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861998/; classtype:trojan-activity;sid:83725098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861999/; classtype:trojan-activity;sid:83725099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861990)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.158.46.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861990/; classtype:trojan-activity;sid:83725090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861992)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861992/; classtype:trojan-activity;sid:83725092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861988)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.30.201.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861988/; classtype:trojan-activity;sid:83725088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861989)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861989/; classtype:trojan-activity;sid:83725089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861986)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861986/; classtype:trojan-activity;sid:83725086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861977)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861977/; classtype:trojan-activity;sid:83725077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861980)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861980/; classtype:trojan-activity;sid:83725080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861985)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861985/; classtype:trojan-activity;sid:83725085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861962)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861962/; classtype:trojan-activity;sid:83725062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861967)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861967/; classtype:trojan-activity;sid:83725067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861968)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861968/; classtype:trojan-activity;sid:83725068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861969/; classtype:trojan-activity;sid:83725069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861970)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861970/; classtype:trojan-activity;sid:83725070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861972)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861972/; classtype:trojan-activity;sid:83725072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861953)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861953/; classtype:trojan-activity;sid:83725053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861956/; classtype:trojan-activity;sid:83725056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861946)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861946/; classtype:trojan-activity;sid:83725046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861949)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861949/; classtype:trojan-activity;sid:83725049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861916)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.254.244.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861916/; classtype:trojan-activity;sid:83725016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861917)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.199.4.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861917/; classtype:trojan-activity;sid:83725017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861918)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861918/; classtype:trojan-activity;sid:83725018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861922)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.196.96.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861922/; classtype:trojan-activity;sid:83725022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861925)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.60.186.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861925/; classtype:trojan-activity;sid:83725025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861932)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861932/; classtype:trojan-activity;sid:83725032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861933)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861933/; classtype:trojan-activity;sid:83725033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861934)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861934/; classtype:trojan-activity;sid:83725034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861938)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.99.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861938/; classtype:trojan-activity;sid:83725038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861944)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.234.218.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861944/; classtype:trojan-activity;sid:83725044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861913)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.23.174.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861913/; classtype:trojan-activity;sid:83725013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861914)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861914/; classtype:trojan-activity;sid:83725014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861915)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861915/; classtype:trojan-activity;sid:83725015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861910)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861910/; classtype:trojan-activity;sid:83725010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861856)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861856/; classtype:trojan-activity;sid:83724956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861841)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861841/; classtype:trojan-activity;sid:83724941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861845)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861845/; classtype:trojan-activity;sid:83724945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861846)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861846/; classtype:trojan-activity;sid:83724946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861848)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861848/; classtype:trojan-activity;sid:83724948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861850)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861850/; classtype:trojan-activity;sid:83724950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861854)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861854/; classtype:trojan-activity;sid:83724954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861835)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.23.88.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861835/; classtype:trojan-activity;sid:83724935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861837)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861837/; classtype:trojan-activity;sid:83724937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861830)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.160.86.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861830/; classtype:trojan-activity;sid:83724930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861823)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.43.16.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861823/; classtype:trojan-activity;sid:83724923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861820)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861820/; classtype:trojan-activity;sid:83724920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861821)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861821/; classtype:trojan-activity;sid:83724921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861817)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861817/; classtype:trojan-activity;sid:83724917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861815)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861815/; classtype:trojan-activity;sid:83724915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861816)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.156.181.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861816/; classtype:trojan-activity;sid:83724916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861810)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861810/; classtype:trojan-activity;sid:83724910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861811)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.234.218.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861811/; classtype:trojan-activity;sid:83724911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861812)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861812/; classtype:trojan-activity;sid:83724912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861804)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.221.95.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861804/; classtype:trojan-activity;sid:83724904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861806)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.15.181.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861806/; classtype:trojan-activity;sid:83724906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861801)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861801/; classtype:trojan-activity;sid:83724901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861796)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861796/; classtype:trojan-activity;sid:83724896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861788)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861788/; classtype:trojan-activity;sid:83724888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861787)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.113.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861787/; classtype:trojan-activity;sid:83724887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861786)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861786/; classtype:trojan-activity;sid:83724886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861783)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.152.114.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861783/; classtype:trojan-activity;sid:83724883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861776)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861776/; classtype:trojan-activity;sid:83724876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861778)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861778/; classtype:trojan-activity;sid:83724878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861779)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861779/; classtype:trojan-activity;sid:83724879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861766)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.221.95.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861766/; classtype:trojan-activity;sid:83724866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861767)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861767/; classtype:trojan-activity;sid:83724867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861768)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861768/; classtype:trojan-activity;sid:83724868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861774)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861774/; classtype:trojan-activity;sid:83724874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861775)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.60.186.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861775/; classtype:trojan-activity;sid:83724875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861759)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.23.174.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861759/; classtype:trojan-activity;sid:83724859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861760)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861760/; classtype:trojan-activity;sid:83724860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861754)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861754/; classtype:trojan-activity;sid:83724854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861752)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.127.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861752/; classtype:trojan-activity;sid:83724852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861748)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.92.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861748/; classtype:trojan-activity;sid:83724848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861745)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861745/; classtype:trojan-activity;sid:83724845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861744)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861744/; classtype:trojan-activity;sid:83724844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861736)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861736/; classtype:trojan-activity;sid:83724836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861730)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861730/; classtype:trojan-activity;sid:83724830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861723)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861723/; classtype:trojan-activity;sid:83724823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861724)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.30.201.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861724/; classtype:trojan-activity;sid:83724824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861726)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861726/; classtype:trojan-activity;sid:83724826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861728)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.202.0.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861728/; classtype:trojan-activity;sid:83724828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861717)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861717/; classtype:trojan-activity;sid:83724817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861715)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861715/; classtype:trojan-activity;sid:83724815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861708)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861708/; classtype:trojan-activity;sid:83724808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861697)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"222.252.15.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861697/; classtype:trojan-activity;sid:83724797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861699)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861699/; classtype:trojan-activity;sid:83724799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861700)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861700/; classtype:trojan-activity;sid:83724800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861702)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861702/; classtype:trojan-activity;sid:83724802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861703)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861703/; classtype:trojan-activity;sid:83724803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861683)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.202.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861683/; classtype:trojan-activity;sid:83724783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861684)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.45.143.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861684/; classtype:trojan-activity;sid:83724784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861686)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861686/; classtype:trojan-activity;sid:83724786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861687)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861687/; classtype:trojan-activity;sid:83724787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861688)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861688/; classtype:trojan-activity;sid:83724788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861674)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.199.4.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861674/; classtype:trojan-activity;sid:83724774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861676)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861676/; classtype:trojan-activity;sid:83724776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861677)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861677/; classtype:trojan-activity;sid:83724777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861678)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861678/; classtype:trojan-activity;sid:83724778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861671)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861671/; classtype:trojan-activity;sid:83724771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861672)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861672/; classtype:trojan-activity;sid:83724772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861669)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.221.95.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861669/; classtype:trojan-activity;sid:83724769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861668)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861668/; classtype:trojan-activity;sid:83724768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861662)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861662/; classtype:trojan-activity;sid:83724762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861663)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861663/; classtype:trojan-activity;sid:83724763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861664)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861664/; classtype:trojan-activity;sid:83724764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861652)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861652/; classtype:trojan-activity;sid:83724752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861655)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"36.67.155.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861655/; classtype:trojan-activity;sid:83724755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861660)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861660/; classtype:trojan-activity;sid:83724760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861644)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861644/; classtype:trojan-activity;sid:83724744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861632)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.122.141.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861632/; classtype:trojan-activity;sid:83724732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861634)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861634/; classtype:trojan-activity;sid:83724734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861637)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861637/; classtype:trojan-activity;sid:83724737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861630)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"109.158.46.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861630/; classtype:trojan-activity;sid:83724730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861627)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861627/; classtype:trojan-activity;sid:83724727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861628)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861628/; classtype:trojan-activity;sid:83724728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861611)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.23.174.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861611/; classtype:trojan-activity;sid:83724711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861612)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.23.88.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861612/; classtype:trojan-activity;sid:83724712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861613)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861613/; classtype:trojan-activity;sid:83724713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861614)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861614/; classtype:trojan-activity;sid:83724714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861617)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"161.43.205.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861617/; classtype:trojan-activity;sid:83724717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861619)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861619/; classtype:trojan-activity;sid:83724719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861622)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861622/; classtype:trojan-activity;sid:83724722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861624)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861624/; classtype:trojan-activity;sid:83724724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861602)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861602/; classtype:trojan-activity;sid:83724702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861603)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861603/; classtype:trojan-activity;sid:83724703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861605)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.152.114.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861605/; classtype:trojan-activity;sid:83724705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861607)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.99.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861607/; classtype:trojan-activity;sid:83724707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861591)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"109.158.46.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861591/; classtype:trojan-activity;sid:83724691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861594)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861594/; classtype:trojan-activity;sid:83724694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861587)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.254.244.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861587/; classtype:trojan-activity;sid:83724687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861588)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861588/; classtype:trojan-activity;sid:83724688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861586)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861586/; classtype:trojan-activity;sid:83724686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861583)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861583/; classtype:trojan-activity;sid:83724683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861565)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861565/; classtype:trojan-activity;sid:83724665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861567)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861567/; classtype:trojan-activity;sid:83724667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861570)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861570/; classtype:trojan-activity;sid:83724670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861579)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861579/; classtype:trojan-activity;sid:83724679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861580)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"59.154.252.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861580/; classtype:trojan-activity;sid:83724680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861556)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861556/; classtype:trojan-activity;sid:83724656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861557)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861557/; classtype:trojan-activity;sid:83724657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861561)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.221.95.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861561/; classtype:trojan-activity;sid:83724661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861563)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861563/; classtype:trojan-activity;sid:83724663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861564)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"172.115.81.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861564/; classtype:trojan-activity;sid:83724664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861551)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861551/; classtype:trojan-activity;sid:83724651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861552)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"109.69.8.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861552/; classtype:trojan-activity;sid:83724652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861554)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861554/; classtype:trojan-activity;sid:83724654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861548)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.196.96.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861548/; classtype:trojan-activity;sid:83724648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861538)"; flow:established,from_client; content:"GET"; http_method; content:"/tsaplqyj.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861538/; classtype:trojan-activity;sid:83724638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2860721)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_23; reference:url, urlhaus.abuse.ch/url/2860721/; classtype:trojan-activity;sid:83723821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2860121)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/bafybeihztxwimpjrjtlr3djk5sxcxnyiubceso2zkoijuplsccegiceqya/ngown.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"ipfs.io"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_05_23; reference:url, urlhaus.abuse.ch/url/2860121/; classtype:trojan-activity;sid:83723221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859870)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cpyrauziryvuorqqdqezflraxwfj7xvq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859870/; classtype:trojan-activity;sid:83722970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.45.143.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859510/; classtype:trojan-activity;sid:83722610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859117)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859117/; classtype:trojan-activity;sid:83722217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.217.109.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858681/; classtype:trojan-activity;sid:83721781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.217.109.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858670/; classtype:trojan-activity;sid:83721770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858526)"; flow:established,from_client; content:"GET"; http_method; content:"/ssl/crt.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lop.foxesjoy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858526/; classtype:trojan-activity;sid:83721626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858226)"; flow:established,from_client; content:"GET"; http_method; content:"/zara/brainstorminger.smi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"joccupationalscience.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858226/; classtype:trojan-activity;sid:83721326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858227)"; flow:established,from_client; content:"GET"; http_method; content:"/zara/hovedhensyns.pcz"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"joccupationalscience.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858227/; classtype:trojan-activity;sid:83721327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858223)"; flow:established,from_client; content:"GET"; http_method; content:"/zara/jssvxtwbtby146.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"joccupationalscience.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858223/; classtype:trojan-activity;sid:83721323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858217)"; flow:established,from_client; content:"GET"; http_method; content:"/zara/mayxw.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"joccupationalscience.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858217/; classtype:trojan-activity;sid:83721317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858218)"; flow:established,from_client; content:"GET"; http_method; content:"/zara/hzwhcbjuyz238.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"joccupationalscience.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858218/; classtype:trojan-activity;sid:83721318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857905)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857905/; classtype:trojan-activity;sid:83721005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857902/; classtype:trojan-activity;sid:83721002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857899)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857899/; classtype:trojan-activity;sid:83720999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857893/; classtype:trojan-activity;sid:83720993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857896/; classtype:trojan-activity;sid:83720996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857898/; classtype:trojan-activity;sid:83720998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857888)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857888/; classtype:trojan-activity;sid:83720988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857884/; classtype:trojan-activity;sid:83720984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857881)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857881/; classtype:trojan-activity;sid:83720981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857874/; classtype:trojan-activity;sid:83720974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.122.141.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857878/; classtype:trojan-activity;sid:83720978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857871)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857871/; classtype:trojan-activity;sid:83720971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857872)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857872/; classtype:trojan-activity;sid:83720972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857873)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.234.124.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857873/; classtype:trojan-activity;sid:83720973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857867)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857867/; classtype:trojan-activity;sid:83720967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857870/; classtype:trojan-activity;sid:83720970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857865)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857865/; classtype:trojan-activity;sid:83720965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857866)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857866/; classtype:trojan-activity;sid:83720966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857861/; classtype:trojan-activity;sid:83720961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857854)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.154.67.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857854/; classtype:trojan-activity;sid:83720954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857850)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857850/; classtype:trojan-activity;sid:83720950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857848/; classtype:trojan-activity;sid:83720948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857846)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857846/; classtype:trojan-activity;sid:83720946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857842)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.156.181.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857842/; classtype:trojan-activity;sid:83720942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857835)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857835/; classtype:trojan-activity;sid:83720935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857836)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857836/; classtype:trojan-activity;sid:83720936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857833)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.67.155.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857833/; classtype:trojan-activity;sid:83720933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857831)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"98.180.230.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857831/; classtype:trojan-activity;sid:83720931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857832)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.156.181.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857832/; classtype:trojan-activity;sid:83720932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857824)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.152.114.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857824/; classtype:trojan-activity;sid:83720924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857817)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.105.59.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857817/; classtype:trojan-activity;sid:83720917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857814)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.221.95.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857814/; classtype:trojan-activity;sid:83720914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857810/; classtype:trojan-activity;sid:83720910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857806)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857806/; classtype:trojan-activity;sid:83720906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857797)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857797/; classtype:trojan-activity;sid:83720897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857789)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.69.8.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857789/; classtype:trojan-activity;sid:83720889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857780/; classtype:trojan-activity;sid:83720880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.88.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857775/; classtype:trojan-activity;sid:83720875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857776)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.202.20.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857776/; classtype:trojan-activity;sid:83720876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857770)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857770/; classtype:trojan-activity;sid:83720870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857771)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857771/; classtype:trojan-activity;sid:83720871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.15.181.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857768/; classtype:trojan-activity;sid:83720868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857763/; classtype:trojan-activity;sid:83720863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.152.114.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857760/; classtype:trojan-activity;sid:83720860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857758)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857758/; classtype:trojan-activity;sid:83720858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857752)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857752/; classtype:trojan-activity;sid:83720852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857753/; classtype:trojan-activity;sid:83720853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857755/; classtype:trojan-activity;sid:83720855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857757/; classtype:trojan-activity;sid:83720857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"125.168.166.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857750/; classtype:trojan-activity;sid:83720850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857748)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857748/; classtype:trojan-activity;sid:83720848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857743)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857743/; classtype:trojan-activity;sid:83720843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857746)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857746/; classtype:trojan-activity;sid:83720846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857739)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.23.174.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857739/; classtype:trojan-activity;sid:83720839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857734)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.156.181.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857734/; classtype:trojan-activity;sid:83720834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857736)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857736/; classtype:trojan-activity;sid:83720836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857731)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857731/; classtype:trojan-activity;sid:83720831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857726)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857726/; classtype:trojan-activity;sid:83720826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857724)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857724/; classtype:trojan-activity;sid:83720824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857722)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857722/; classtype:trojan-activity;sid:83720822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857720)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"184.180.131.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857720/; classtype:trojan-activity;sid:83720820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857721)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857721/; classtype:trojan-activity;sid:83720821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857717/; classtype:trojan-activity;sid:83720817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857710)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857710/; classtype:trojan-activity;sid:83720810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857712)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857712/; classtype:trojan-activity;sid:83720812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857713/; classtype:trojan-activity;sid:83720813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857708)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857708/; classtype:trojan-activity;sid:83720808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857706)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857706/; classtype:trojan-activity;sid:83720806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857707)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.43.205.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857707/; classtype:trojan-activity;sid:83720807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857702)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.221.95.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857702/; classtype:trojan-activity;sid:83720802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857704/; classtype:trojan-activity;sid:83720804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857697)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857697/; classtype:trojan-activity;sid:83720797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857698)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857698/; classtype:trojan-activity;sid:83720798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857699/; classtype:trojan-activity;sid:83720799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.241.90.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857694)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.212.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857694/; classtype:trojan-activity;sid:83720794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857693/; classtype:trojan-activity;sid:83720793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857685)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857685/; classtype:trojan-activity;sid:83720785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857679)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.123.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857679/; classtype:trojan-activity;sid:83720779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857680)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857680/; classtype:trojan-activity;sid:83720780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857682)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857682/; classtype:trojan-activity;sid:83720782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857674/; classtype:trojan-activity;sid:83720774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857676)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857676/; classtype:trojan-activity;sid:83720776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857678/; classtype:trojan-activity;sid:83720778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857670/; classtype:trojan-activity;sid:83720770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857671/; classtype:trojan-activity;sid:83720771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.156.181.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857665/; classtype:trojan-activity;sid:83720765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857662/; classtype:trojan-activity;sid:83720762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857663)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.88.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857663/; classtype:trojan-activity;sid:83720763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857655)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857655/; classtype:trojan-activity;sid:83720755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857645/; classtype:trojan-activity;sid:83720745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857644)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857644/; classtype:trojan-activity;sid:83720744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857633)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857633/; classtype:trojan-activity;sid:83720733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857635)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857635/; classtype:trojan-activity;sid:83720735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857636)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.122.207.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857636/; classtype:trojan-activity;sid:83720736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857640/; classtype:trojan-activity;sid:83720740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857628/; classtype:trojan-activity;sid:83720728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857626)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857626/; classtype:trojan-activity;sid:83720726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.156.181.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857627/; classtype:trojan-activity;sid:83720727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857621/; classtype:trojan-activity;sid:83720721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857616)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857616/; classtype:trojan-activity;sid:83720716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857613)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857613/; classtype:trojan-activity;sid:83720713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857614)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.252.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857614/; classtype:trojan-activity;sid:83720714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857609)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857609/; classtype:trojan-activity;sid:83720709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857603)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857603/; classtype:trojan-activity;sid:83720703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857606)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857606/; classtype:trojan-activity;sid:83720706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857607)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857607/; classtype:trojan-activity;sid:83720707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857600/; classtype:trojan-activity;sid:83720700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857592)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857592/; classtype:trojan-activity;sid:83720692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857585/; classtype:trojan-activity;sid:83720685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857586/; classtype:trojan-activity;sid:83720686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857583)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857583/; classtype:trojan-activity;sid:83720683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857579)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.86.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857579/; classtype:trojan-activity;sid:83720679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857576)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857576/; classtype:trojan-activity;sid:83720676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857575)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.156.181.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857575/; classtype:trojan-activity;sid:83720675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857574)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857574/; classtype:trojan-activity;sid:83720674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857568)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857568/; classtype:trojan-activity;sid:83720668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.251.62.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857564/; classtype:trojan-activity;sid:83720664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857566)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857566/; classtype:trojan-activity;sid:83720666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857567)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.156.181.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857567/; classtype:trojan-activity;sid:83720667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857556)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857556/; classtype:trojan-activity;sid:83720656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857558)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.220.108.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857558/; classtype:trojan-activity;sid:83720658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857550)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857550/; classtype:trojan-activity;sid:83720650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857542)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857542/; classtype:trojan-activity;sid:83720642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857543/; classtype:trojan-activity;sid:83720643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857541)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857541/; classtype:trojan-activity;sid:83720641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857539/; classtype:trojan-activity;sid:83720639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857533)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857533/; classtype:trojan-activity;sid:83720633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857530)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857530/; classtype:trojan-activity;sid:83720630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.129.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857522)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857522/; classtype:trojan-activity;sid:83720622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857516)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857516/; classtype:trojan-activity;sid:83720616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857517)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857517/; classtype:trojan-activity;sid:83720617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857518)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.175.37.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857518/; classtype:trojan-activity;sid:83720618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857513)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857513/; classtype:trojan-activity;sid:83720613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857510/; classtype:trojan-activity;sid:83720610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857511)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.202.0.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857511/; classtype:trojan-activity;sid:83720611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857509)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857509/; classtype:trojan-activity;sid:83720609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857506)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.115.81.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857506/; classtype:trojan-activity;sid:83720606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857507)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857507/; classtype:trojan-activity;sid:83720607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857508/; classtype:trojan-activity;sid:83720608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857501)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857501/; classtype:trojan-activity;sid:83720601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857495)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.92.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857495/; classtype:trojan-activity;sid:83720595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857499)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.16.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857499/; classtype:trojan-activity;sid:83720599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857500)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857500/; classtype:trojan-activity;sid:83720600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857491)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.122.207.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857491/; classtype:trojan-activity;sid:83720591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857492/; classtype:trojan-activity;sid:83720592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857493/; classtype:trojan-activity;sid:83720593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857488)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857488/; classtype:trojan-activity;sid:83720588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857485)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857485/; classtype:trojan-activity;sid:83720585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.221.95.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857487/; classtype:trojan-activity;sid:83720587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857481)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857481/; classtype:trojan-activity;sid:83720581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857474)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.23.174.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857474/; classtype:trojan-activity;sid:83720574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857475)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857475/; classtype:trojan-activity;sid:83720575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857472)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857472/; classtype:trojan-activity;sid:83720572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857471)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.23.174.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857471/; classtype:trojan-activity;sid:83720571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857462)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.252.15.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857462/; classtype:trojan-activity;sid:83720562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857442)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857442/; classtype:trojan-activity;sid:83720542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857450)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.23.174.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857450/; classtype:trojan-activity;sid:83720550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857454/; classtype:trojan-activity;sid:83720554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857455)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857455/; classtype:trojan-activity;sid:83720555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857456)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.19.190.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857456/; classtype:trojan-activity;sid:83720556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857457)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857457/; classtype:trojan-activity;sid:83720557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857458)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857458/; classtype:trojan-activity;sid:83720558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857459)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.65.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857459/; classtype:trojan-activity;sid:83720559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857439)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857439/; classtype:trojan-activity;sid:83720539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857440)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857440/; classtype:trojan-activity;sid:83720540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857433)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.221.95.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857433/; classtype:trojan-activity;sid:83720533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.201.148.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857337/; classtype:trojan-activity;sid:83720437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857230)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.123.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857230/; classtype:trojan-activity;sid:83720330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857169)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857169/; classtype:trojan-activity;sid:83720269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2856969)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2856969/; classtype:trojan-activity;sid:83720069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2856551)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2856551/; classtype:trojan-activity;sid:83719651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2855074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.113.68.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_19; reference:url, urlhaus.abuse.ch/url/2855074/; classtype:trojan-activity;sid:83718174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854705)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10qzzrvc0u1j3ha4ajh6xb64gvyaxwhag"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854705/; classtype:trojan-activity;sid:83717805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854636)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.18.0-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"46.231.32.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854636/; classtype:trojan-activity;sid:83717736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854622)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854622/; classtype:trojan-activity;sid:83717722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854623)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854623/; classtype:trojan-activity;sid:83717723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854611)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.19.3-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"31.186.217.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854611/; classtype:trojan-activity;sid:83717711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2853223)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2853223/; classtype:trojan-activity;sid:83716323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852337)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdfhdfgd/test/downloads/new_image.jpg"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852337/; classtype:trojan-activity;sid:83715437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852329)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/sabellarian.xtp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852329/; classtype:trojan-activity;sid:83715429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852327)"; flow:established,from_client; content:"GET"; http_method; content:"/df/hcyopoxewimegkyisrqesi103.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"joccupationalscience.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852327/; classtype:trojan-activity;sid:83715427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852328)"; flow:established,from_client; content:"GET"; http_method; content:"/df/vivianite.psp"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"joccupationalscience.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852328/; classtype:trojan-activity;sid:83715428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852325)"; flow:established,from_client; content:"GET"; http_method; content:"/dc/pspyggxvupqvs252.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ranchoboscardin.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852325/; classtype:trojan-activity;sid:83715425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2851755)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uiaxivybdf4ag1xr9v_kun9qf6rtg8wl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2851755/; classtype:trojan-activity;sid:83714855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2851722)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.97.18.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2851722/; classtype:trojan-activity;sid:83714822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2851681)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/1.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.rockcreekdds.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2851681/; classtype:trojan-activity;sid:83714781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850765)"; flow:established,from_client; content:"GET"; http_method; content:"/x103.log"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zffsg.oss-ap-northeast-2.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_05_15; reference:url, urlhaus.abuse.ch/url/2850765/; classtype:trojan-activity;sid:83713865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850173)"; flow:established,from_client; content:"GET"; http_method; content:"/990_ota.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"59.59.6.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_14; reference:url, urlhaus.abuse.ch/url/2850173/; classtype:trojan-activity;sid:83713273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2848923)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.74.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_13; reference:url, urlhaus.abuse.ch/url/2848923/; classtype:trojan-activity;sid:83712023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2848580)"; flow:established,from_client; content:"GET"; http_method; content:"/setthreadexecutionstate/modifieddiscordclient/raw/main/yar.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_13; reference:url, urlhaus.abuse.ch/url/2848580/; classtype:trojan-activity;sid:83711680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2848534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_13; reference:url, urlhaus.abuse.ch/url/2848534/; classtype:trojan-activity;sid:83711634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2847032)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.209.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_11; reference:url, urlhaus.abuse.ch/url/2847032/; classtype:trojan-activity;sid:83710132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845989)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845989/; classtype:trojan-activity;sid:83709089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845988)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845988/; classtype:trojan-activity;sid:83709088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845981)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845981/; classtype:trojan-activity;sid:83709081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845979)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.164.41.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845979/; classtype:trojan-activity;sid:83709079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845969)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845969/; classtype:trojan-activity;sid:83709069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845964)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.164.41.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845964/; classtype:trojan-activity;sid:83709064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845952)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845952/; classtype:trojan-activity;sid:83709052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845958/; classtype:trojan-activity;sid:83709058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845945)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.164.41.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845945/; classtype:trojan-activity;sid:83709045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845947)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.164.41.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845947/; classtype:trojan-activity;sid:83709047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845940)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.164.41.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845940/; classtype:trojan-activity;sid:83709040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.164.41.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845935/; classtype:trojan-activity;sid:83709035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845932)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845932/; classtype:trojan-activity;sid:83709032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845931)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845931/; classtype:trojan-activity;sid:83709031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845913)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.188.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845913/; classtype:trojan-activity;sid:83709013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845821)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.90.122.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845821/; classtype:trojan-activity;sid:83708921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845822)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.90.122.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845822/; classtype:trojan-activity;sid:83708922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845820)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.90.122.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845820/; classtype:trojan-activity;sid:83708920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845819)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.90.122.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845819/; classtype:trojan-activity;sid:83708919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845817)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.90.122.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845817/; classtype:trojan-activity;sid:83708917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845818)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.90.122.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845818/; classtype:trojan-activity;sid:83708918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845814)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"165.132.228.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845814/; classtype:trojan-activity;sid:83708914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845815)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"165.132.228.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845815/; classtype:trojan-activity;sid:83708915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845816)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"165.132.228.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845816/; classtype:trojan-activity;sid:83708916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845350)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=8950d94f9949f870%213505|7c|26|7c|authkey=!afhuotcjydvf6pg"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845350/; classtype:trojan-activity;sid:83708450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844680)"; flow:established,from_client; content:"GET"; http_method; content:"/443"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844680/; classtype:trojan-activity;sid:83707780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844681)"; flow:established,from_client; content:"GET"; http_method; content:"/8"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844681/; classtype:trojan-activity;sid:83707781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844675)"; flow:established,from_client; content:"GET"; http_method; content:"/fr"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844675/; classtype:trojan-activity;sid:83707775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844672)"; flow:established,from_client; content:"GET"; http_method; content:"/fff"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844672/; classtype:trojan-activity;sid:83707772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844673)"; flow:established,from_client; content:"GET"; http_method; content:"/fs"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844673/; classtype:trojan-activity;sid:83707773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844674)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844674/; classtype:trojan-activity;sid:83707774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844671)"; flow:established,from_client; content:"GET"; http_method; content:"/aa"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844671/; classtype:trojan-activity;sid:83707771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844669)"; flow:established,from_client; content:"GET"; http_method; content:"/mcs"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844669/; classtype:trojan-activity;sid:83707769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844667)"; flow:established,from_client; content:"GET"; http_method; content:"/fsa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844667/; classtype:trojan-activity;sid:83707767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844665)"; flow:established,from_client; content:"GET"; http_method; content:"/ff"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844665/; classtype:trojan-activity;sid:83707765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844666)"; flow:established,from_client; content:"GET"; http_method; content:"/at"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844666/; classtype:trojan-activity;sid:83707766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844652)"; flow:established,from_client; content:"GET"; http_method; content:"/min.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844652/; classtype:trojan-activity;sid:83707752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844653)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844653/; classtype:trojan-activity;sid:83707753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844654)"; flow:established,from_client; content:"GET"; http_method; content:"/miner.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844654/; classtype:trojan-activity;sid:83707754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844640)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844640/; classtype:trojan-activity;sid:83707740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844639)"; flow:established,from_client; content:"GET"; http_method; content:"/scan"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844639/; classtype:trojan-activity;sid:83707739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844633)"; flow:established,from_client; content:"GET"; http_method; content:"/git"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844633/; classtype:trojan-activity;sid:83707733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844634)"; flow:established,from_client; content:"GET"; http_method; content:"/slb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844634/; classtype:trojan-activity;sid:83707734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844635)"; flow:established,from_client; content:"GET"; http_method; content:"/slo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844635/; classtype:trojan-activity;sid:83707735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844636)"; flow:established,from_client; content:"GET"; http_method; content:"/hol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844636/; classtype:trojan-activity;sid:83707736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844637)"; flow:established,from_client; content:"GET"; http_method; content:"/div"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844637/; classtype:trojan-activity;sid:83707737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844638)"; flow:established,from_client; content:"GET"; http_method; content:"/spi"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844638/; classtype:trojan-activity;sid:83707738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844632)"; flow:established,from_client; content:"GET"; http_method; content:"/ss"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844632/; classtype:trojan-activity;sid:83707732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844631)"; flow:established,from_client; content:"GET"; http_method; content:"/ubu"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844631/; classtype:trojan-activity;sid:83707731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844628)"; flow:established,from_client; content:"GET"; http_method; content:"/pwn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844628/; classtype:trojan-activity;sid:83707728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844626)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844626/; classtype:trojan-activity;sid:83707726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844624)"; flow:established,from_client; content:"GET"; http_method; content:"/cata.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844624/; classtype:trojan-activity;sid:83707724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2844623)"; flow:established,from_client; content:"GET"; http_method; content:"/brute"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_09; reference:url, urlhaus.abuse.ch/url/2844623/; classtype:trojan-activity;sid:83707723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843561)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.150.209.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843561/; classtype:trojan-activity;sid:83706661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843387)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843387/; classtype:trojan-activity;sid:83706487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843373)"; flow:established,from_client; content:"GET"; http_method; content:"/ni.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843373/; classtype:trojan-activity;sid:83706473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843374)"; flow:established,from_client; content:"GET"; http_method; content:"/cp.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843374/; classtype:trojan-activity;sid:83706474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843375)"; flow:established,from_client; content:"GET"; http_method; content:"/mo.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843375/; classtype:trojan-activity;sid:83706475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843376)"; flow:established,from_client; content:"GET"; http_method; content:"/vm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843376/; classtype:trojan-activity;sid:83706476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843377)"; flow:established,from_client; content:"GET"; http_method; content:"/py.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843377/; classtype:trojan-activity;sid:83706477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843378)"; flow:established,from_client; content:"GET"; http_method; content:"/tr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843378/; classtype:trojan-activity;sid:83706478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843379)"; flow:established,from_client; content:"GET"; http_method; content:"/mi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843379/; classtype:trojan-activity;sid:83706479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843380)"; flow:established,from_client; content:"GET"; http_method; content:"/se.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843380/; classtype:trojan-activity;sid:83706480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843381)"; flow:established,from_client; content:"GET"; http_method; content:"/ph.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843381/; classtype:trojan-activity;sid:83706481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843382)"; flow:established,from_client; content:"GET"; http_method; content:"/ci.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843382/; classtype:trojan-activity;sid:83706482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843384)"; flow:established,from_client; content:"GET"; http_method; content:"/st.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843384/; classtype:trojan-activity;sid:83706484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843386)"; flow:established,from_client; content:"GET"; http_method; content:"/al.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843386/; classtype:trojan-activity;sid:83706486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843363)"; flow:established,from_client; content:"GET"; http_method; content:"/spr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843363/; classtype:trojan-activity;sid:83706463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843364)"; flow:established,from_client; content:"GET"; http_method; content:"/lr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843364/; classtype:trojan-activity;sid:83706464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843365)"; flow:established,from_client; content:"GET"; http_method; content:"/kn.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843365/; classtype:trojan-activity;sid:83706465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843366)"; flow:established,from_client; content:"GET"; http_method; content:"/pg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843366/; classtype:trojan-activity;sid:83706466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843367)"; flow:established,from_client; content:"GET"; http_method; content:"/md.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843367/; classtype:trojan-activity;sid:83706467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843368)"; flow:established,from_client; content:"GET"; http_method; content:"/wb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843368/; classtype:trojan-activity;sid:83706468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843369)"; flow:established,from_client; content:"GET"; http_method; content:"/sp.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843369/; classtype:trojan-activity;sid:83706469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843370)"; flow:established,from_client; content:"GET"; http_method; content:"/ae.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843370/; classtype:trojan-activity;sid:83706470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843371)"; flow:established,from_client; content:"GET"; http_method; content:"/lf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843371/; classtype:trojan-activity;sid:83706471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843372)"; flow:established,from_client; content:"GET"; http_method; content:"/ge.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843372/; classtype:trojan-activity;sid:83706472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843353)"; flow:established,from_client; content:"GET"; http_method; content:"/rm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843353/; classtype:trojan-activity;sid:83706453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843354)"; flow:established,from_client; content:"GET"; http_method; content:"/pa.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843354/; classtype:trojan-activity;sid:83706454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843355)"; flow:established,from_client; content:"GET"; http_method; content:"/tc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843355/; classtype:trojan-activity;sid:83706455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843356)"; flow:established,from_client; content:"GET"; http_method; content:"/an.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843356/; classtype:trojan-activity;sid:83706456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843357)"; flow:established,from_client; content:"GET"; http_method; content:"/gi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843357/; classtype:trojan-activity;sid:83706457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843358)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843358/; classtype:trojan-activity;sid:83706458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843359)"; flow:established,from_client; content:"GET"; http_method; content:"/sa.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843359/; classtype:trojan-activity;sid:83706459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843360)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843360/; classtype:trojan-activity;sid:83706460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843361)"; flow:established,from_client; content:"GET"; http_method; content:"/ws.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843361/; classtype:trojan-activity;sid:83706461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843362)"; flow:established,from_client; content:"GET"; http_method; content:"/ce.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843362/; classtype:trojan-activity;sid:83706462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843345)"; flow:established,from_client; content:"GET"; http_method; content:"/acb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843345/; classtype:trojan-activity;sid:83706445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843346)"; flow:established,from_client; content:"GET"; http_method; content:"/pg2.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843346/; classtype:trojan-activity;sid:83706446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843347)"; flow:established,from_client; content:"GET"; http_method; content:"/ku.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843347/; classtype:trojan-activity;sid:83706447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843348)"; flow:established,from_client; content:"GET"; http_method; content:"/bg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843348/; classtype:trojan-activity;sid:83706448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843349)"; flow:established,from_client; content:"GET"; http_method; content:"/hb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843349/; classtype:trojan-activity;sid:83706449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843350)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843350/; classtype:trojan-activity;sid:83706450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843351)"; flow:established,from_client; content:"GET"; http_method; content:"/do.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843351/; classtype:trojan-activity;sid:83706451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843352)"; flow:established,from_client; content:"GET"; http_method; content:"/tm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843352/; classtype:trojan-activity;sid:83706452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843337)"; flow:established,from_client; content:"GET"; http_method; content:"/mt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843337/; classtype:trojan-activity;sid:83706437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843338)"; flow:established,from_client; content:"GET"; http_method; content:"/gl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843338/; classtype:trojan-activity;sid:83706438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843339)"; flow:established,from_client; content:"GET"; http_method; content:"/ap.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843339/; classtype:trojan-activity;sid:83706439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843340)"; flow:established,from_client; content:"GET"; http_method; content:"/rv.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843340/; classtype:trojan-activity;sid:83706440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843341)"; flow:established,from_client; content:"GET"; http_method; content:"/cf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843341/; classtype:trojan-activity;sid:83706441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843342)"; flow:established,from_client; content:"GET"; http_method; content:"/ki.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843342/; classtype:trojan-activity;sid:83706442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843343)"; flow:established,from_client; content:"GET"; http_method; content:"/scg.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843343/; classtype:trojan-activity;sid:83706443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843344)"; flow:established,from_client; content:"GET"; http_method; content:"/sm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843344/; classtype:trojan-activity;sid:83706444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843333)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843333/; classtype:trojan-activity;sid:83706433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843334)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843334/; classtype:trojan-activity;sid:83706434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843329)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843329/; classtype:trojan-activity;sid:83706429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843330)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843330/; classtype:trojan-activity;sid:83706430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843331)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843331/; classtype:trojan-activity;sid:83706431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843332)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843332/; classtype:trojan-activity;sid:83706432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843309/; classtype:trojan-activity;sid:83706409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843310)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843310/; classtype:trojan-activity;sid:83706410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843311/; classtype:trojan-activity;sid:83706411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843313/; classtype:trojan-activity;sid:83706413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843315/; classtype:trojan-activity;sid:83706415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843304/; classtype:trojan-activity;sid:83706404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843305/; classtype:trojan-activity;sid:83706405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843306/; classtype:trojan-activity;sid:83706406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843307/; classtype:trojan-activity;sid:83706407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843308/; classtype:trojan-activity;sid:83706408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843303/; classtype:trojan-activity;sid:83706403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843130)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843130/; classtype:trojan-activity;sid:83706230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843131)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843131/; classtype:trojan-activity;sid:83706231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843117)"; flow:established,from_client; content:"GET"; http_method; content:"/o.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843117/; classtype:trojan-activity;sid:83706217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843106)"; flow:established,from_client; content:"GET"; http_method; content:"/t.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843106/; classtype:trojan-activity;sid:83706206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843107)"; flow:established,from_client; content:"GET"; http_method; content:"/n.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843107/; classtype:trojan-activity;sid:83706207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843108)"; flow:established,from_client; content:"GET"; http_method; content:"/j.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843108/; classtype:trojan-activity;sid:83706208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843109)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843109/; classtype:trojan-activity;sid:83706209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843110)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843110/; classtype:trojan-activity;sid:83706210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843111)"; flow:established,from_client; content:"GET"; http_method; content:"/m.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843111/; classtype:trojan-activity;sid:83706211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843112)"; flow:established,from_client; content:"GET"; http_method; content:"/s.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843112/; classtype:trojan-activity;sid:83706212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843113)"; flow:established,from_client; content:"GET"; http_method; content:"/h.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843113/; classtype:trojan-activity;sid:83706213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843114)"; flow:established,from_client; content:"GET"; http_method; content:"/f.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843114/; classtype:trojan-activity;sid:83706214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842724/; classtype:trojan-activity;sid:83705824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842722)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842722/; classtype:trojan-activity;sid:83705822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842723)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842723/; classtype:trojan-activity;sid:83705823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.204.59.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842721/; classtype:trojan-activity;sid:83705821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842720)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.201.7.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842720/; classtype:trojan-activity;sid:83705820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842719)"; flow:established,from_client; content:"GET"; http_method; content:"//.i"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"90.176.171.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842719/; classtype:trojan-activity;sid:83705819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842712)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.38.173.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842712/; classtype:trojan-activity;sid:83705812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842685)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.163.18.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842685/; classtype:trojan-activity;sid:83705785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842683)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.163.18.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842683/; classtype:trojan-activity;sid:83705783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842684)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.163.18.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842684/; classtype:trojan-activity;sid:83705784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842682)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.26.216.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842682/; classtype:trojan-activity;sid:83705782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842681)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.163.18.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842681/; classtype:trojan-activity;sid:83705781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842669)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.45.130.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842669/; classtype:trojan-activity;sid:83705769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842668)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.158.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842668/; classtype:trojan-activity;sid:83705768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842667)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.69.57.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842667/; classtype:trojan-activity;sid:83705767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842661)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842661/; classtype:trojan-activity;sid:83705761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.5.152.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842662/; classtype:trojan-activity;sid:83705762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842663/; classtype:trojan-activity;sid:83705763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842665)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.169.235.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842665/; classtype:trojan-activity;sid:83705765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842655/; classtype:trojan-activity;sid:83705755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842650/; classtype:trojan-activity;sid:83705750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.216.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842416/; classtype:trojan-activity;sid:83705516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.235.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842417/; classtype:trojan-activity;sid:83705517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.57.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842414/; classtype:trojan-activity;sid:83705514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.28.38.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842413/; classtype:trojan-activity;sid:83705513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842401/; classtype:trojan-activity;sid:83705501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842402/; classtype:trojan-activity;sid:83705502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842405/; classtype:trojan-activity;sid:83705505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.45.130.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842410/; classtype:trojan-activity;sid:83705510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842087)"; flow:established,from_client; content:"GET"; http_method; content:"//.i"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"41.180.49.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842087/; classtype:trojan-activity;sid:83705187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.255.216.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842082/; classtype:trojan-activity;sid:83705182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842081/; classtype:trojan-activity;sid:83705181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842070)"; flow:established,from_client; content:"GET"; http_method; content:"//.i"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.43.16.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842070/; classtype:trojan-activity;sid:83705170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842062)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842062/; classtype:trojan-activity;sid:83705162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842053/; classtype:trojan-activity;sid:83705153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.108.131.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842035/; classtype:trojan-activity;sid:83705135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842037)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842037/; classtype:trojan-activity;sid:83705137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842040)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.38.157.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842040/; classtype:trojan-activity;sid:83705140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842033)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842033/; classtype:trojan-activity;sid:83705133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842018/; classtype:trojan-activity;sid:83705118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.118.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842020/; classtype:trojan-activity;sid:83705120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842021)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.14.11.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842021/; classtype:trojan-activity;sid:83705121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842023)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842023/; classtype:trojan-activity;sid:83705123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842026/; classtype:trojan-activity;sid:83705126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842010)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842010/; classtype:trojan-activity;sid:83705110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842012)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842012/; classtype:trojan-activity;sid:83705112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842015)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842015/; classtype:trojan-activity;sid:83705115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842002)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.128.76.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842002/; classtype:trojan-activity;sid:83705102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.8.227.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842003/; classtype:trojan-activity;sid:83705103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.43.113.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842004/; classtype:trojan-activity;sid:83705104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841989)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.180.25.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841989/; classtype:trojan-activity;sid:83705089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841991)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.121.229.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841991/; classtype:trojan-activity;sid:83705091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841994)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.255.32.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841994/; classtype:trojan-activity;sid:83705094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.27.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841996/; classtype:trojan-activity;sid:83705096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841988)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841988/; classtype:trojan-activity;sid:83705088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841978)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.46.255.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841978/; classtype:trojan-activity;sid:83705078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841979)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841979/; classtype:trojan-activity;sid:83705079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.170.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841983/; classtype:trojan-activity;sid:83705083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841972)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.36.11.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841972/; classtype:trojan-activity;sid:83705072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841974/; classtype:trojan-activity;sid:83705074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.34.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841960/; classtype:trojan-activity;sid:83705060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841962)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841962/; classtype:trojan-activity;sid:83705062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.101.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841963/; classtype:trojan-activity;sid:83705063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841967)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841967/; classtype:trojan-activity;sid:83705067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841953/; classtype:trojan-activity;sid:83705053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841954/; classtype:trojan-activity;sid:83705054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.14.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841942/; classtype:trojan-activity;sid:83705042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841945)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841945/; classtype:trojan-activity;sid:83705045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.209.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841949/; classtype:trojan-activity;sid:83705049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841940)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.86.151.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841940/; classtype:trojan-activity;sid:83705040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841929/; classtype:trojan-activity;sid:83705029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841931)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.169.136.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841931/; classtype:trojan-activity;sid:83705031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841932/; classtype:trojan-activity;sid:83705032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841926/; classtype:trojan-activity;sid:83705026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.28.38.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841917/; classtype:trojan-activity;sid:83705017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841914)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.188.165.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841914/; classtype:trojan-activity;sid:83705014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841913)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.188.165.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841913/; classtype:trojan-activity;sid:83705013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841726/; classtype:trojan-activity;sid:83704826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841721/; classtype:trojan-activity;sid:83704821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.169.136.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841716/; classtype:trojan-activity;sid:83704816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841713/; classtype:trojan-activity;sid:83704813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841714/; classtype:trojan-activity;sid:83704814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.9.14.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841706/; classtype:trojan-activity;sid:83704806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.46.255.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841697/; classtype:trojan-activity;sid:83704797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.128.76.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841687/; classtype:trojan-activity;sid:83704787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.34.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841689/; classtype:trojan-activity;sid:83704789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.108.131.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841694/; classtype:trojan-activity;sid:83704794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.43.113.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841695/; classtype:trojan-activity;sid:83704795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841686/; classtype:trojan-activity;sid:83704786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841679/; classtype:trojan-activity;sid:83704779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.36.11.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841676/; classtype:trojan-activity;sid:83704776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.98.26.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841674/; classtype:trojan-activity;sid:83704774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.86.151.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841671/; classtype:trojan-activity;sid:83704771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.32.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841672/; classtype:trojan-activity;sid:83704772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841673/; classtype:trojan-activity;sid:83704773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841666/; classtype:trojan-activity;sid:83704766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841667/; classtype:trojan-activity;sid:83704767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.121.229.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841661/; classtype:trojan-activity;sid:83704761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841656/; classtype:trojan-activity;sid:83704756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841650/; classtype:trojan-activity;sid:83704750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.180.25.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841652/; classtype:trojan-activity;sid:83704752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.241.14.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841647/; classtype:trojan-activity;sid:83704747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841636/; classtype:trojan-activity;sid:83704736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.79.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841639/; classtype:trojan-activity;sid:83704739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841644/; classtype:trojan-activity;sid:83704744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.4.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841632/; classtype:trojan-activity;sid:83704732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.157.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841633/; classtype:trojan-activity;sid:83704733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.209.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841625/; classtype:trojan-activity;sid:83704725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841624/; classtype:trojan-activity;sid:83704724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.127.92.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841616/; classtype:trojan-activity;sid:83704716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841617/; classtype:trojan-activity;sid:83704717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841604/; classtype:trojan-activity;sid:83704704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.118.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841606/; classtype:trojan-activity;sid:83704706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841608/; classtype:trojan-activity;sid:83704708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.16.63.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841610/; classtype:trojan-activity;sid:83704710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.8.227.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841587/; classtype:trojan-activity;sid:83704687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.170.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841594/; classtype:trojan-activity;sid:83704694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.14.11.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841596/; classtype:trojan-activity;sid:83704696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841582/; classtype:trojan-activity;sid:83704682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.27.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841584/; classtype:trojan-activity;sid:83704684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841581/; classtype:trojan-activity;sid:83704681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841570/; classtype:trojan-activity;sid:83704670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841312)"; flow:established,from_client; content:"GET"; http_method; content:"/aioc_5.0.0.63_it.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"912648.aioc.qbgxl.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841312/; classtype:trojan-activity;sid:83704412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840617)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrok.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840617/; classtype:trojan-activity;sid:83703717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840616)"; flow:established,from_client; content:"GET"; http_method; content:"/ph32.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840616/; classtype:trojan-activity;sid:83703716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840615)"; flow:established,from_client; content:"GET"; http_method; content:"/dcontrol.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840615/; classtype:trojan-activity;sid:83703715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840614)"; flow:established,from_client; content:"GET"; http_method; content:"/vmmanagedsetup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840614/; classtype:trojan-activity;sid:83703714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840605)"; flow:established,from_client; content:"GET"; http_method; content:"/hyp.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840605/; classtype:trojan-activity;sid:83703705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840606)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlog.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840606/; classtype:trojan-activity;sid:83703706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840607)"; flow:established,from_client; content:"GET"; http_method; content:"/backup.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840607/; classtype:trojan-activity;sid:83703707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840608)"; flow:established,from_client; content:"GET"; http_method; content:"/logofall1.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840608/; classtype:trojan-activity;sid:83703708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840609)"; flow:established,from_client; content:"GET"; http_method; content:"/z1.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840609/; classtype:trojan-activity;sid:83703709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840610)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840610/; classtype:trojan-activity;sid:83703710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840611)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowguru.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840611/; classtype:trojan-activity;sid:83703711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840612)"; flow:established,from_client; content:"GET"; http_method; content:"/z.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840612/; classtype:trojan-activity;sid:83703712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840613)"; flow:established,from_client; content:"GET"; http_method; content:"/logofall.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840613/; classtype:trojan-activity;sid:83703713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840603)"; flow:established,from_client; content:"GET"; http_method; content:"/pchunter64_pps.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840603/; classtype:trojan-activity;sid:83703703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840604)"; flow:established,from_client; content:"GET"; http_method; content:"/pchunter64_new.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.234.216.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840604/; classtype:trojan-activity;sid:83703704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840470)"; flow:established,from_client; content:"GET"; http_method; content:"/lidiyakamalova89/www/raw/main/ver.1.4.1.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840470/; classtype:trojan-activity;sid:83703570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840335)"; flow:established,from_client; content:"GET"; http_method; content:"/coolismoney/laughing-octo-tribble/releases/download/v6/crazycore.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840335/; classtype:trojan-activity;sid:83703435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2839963)"; flow:established,from_client; content:"GET"; http_method; content:"/aioc_5.0.0.63_it.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"139520.aioc.qbgxl.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2839963/; classtype:trojan-activity;sid:83703063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837970)"; flow:established,from_client; content:"GET"; http_method; content:"/zhw10.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.61.248.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837970/; classtype:trojan-activity;sid:83701070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837968)"; flow:established,from_client; content:"GET"; http_method; content:"/dd.rar"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.248.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837968/; classtype:trojan-activity;sid:83701068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837696)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"129.144.180.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837696/; classtype:trojan-activity;sid:83700796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; content:"GET"; http_method; content:"/ag_injector_latest.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.aginjector.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836849)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"200.54.37.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836849/; classtype:trojan-activity;sid:83699949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836794)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/bots_mips"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836794/; classtype:trojan-activity;sid:83699894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836249)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836249/; classtype:trojan-activity;sid:83699349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835795)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/images/img.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"totalhorsehealth.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835795/; classtype:trojan-activity;sid:83698895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834964)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834964/; classtype:trojan-activity;sid:83698064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834963)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing_aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834963/; classtype:trojan-activity;sid:83698063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834957)"; flow:established,from_client; content:"GET"; http_method; content:"/libsystem.so"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834957/; classtype:trojan-activity;sid:83698057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834958)"; flow:established,from_client; content:"GET"; http_method; content:"/ex.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834958/; classtype:trojan-activity;sid:83698058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834959)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834959/; classtype:trojan-activity;sid:83698059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834960)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834960/; classtype:trojan-activity;sid:83698060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834961)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834961/; classtype:trojan-activity;sid:83698061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834962)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834962/; classtype:trojan-activity;sid:83698062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834955)"; flow:established,from_client; content:"GET"; http_method; content:"/tf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834955/; classtype:trojan-activity;sid:83698055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834956)"; flow:established,from_client; content:"GET"; http_method; content:"/lh.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834956/; classtype:trojan-activity;sid:83698056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834945)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834945/; classtype:trojan-activity;sid:83698045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834506)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.129.31.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834506/; classtype:trojan-activity;sid:83697606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834471)"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.114.145.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834471/; classtype:trojan-activity;sid:83697571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834383)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834383/; classtype:trojan-activity;sid:83697483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834333)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834333/; classtype:trojan-activity;sid:83697433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833893)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833893/; classtype:trojan-activity;sid:83696993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833829)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/disbot"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833829/; classtype:trojan-activity;sid:83696929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833648)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833648/; classtype:trojan-activity;sid:83696748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833649)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm6"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833649/; classtype:trojan-activity;sid:83696749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833650)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mips"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833650/; classtype:trojan-activity;sid:83696750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833651)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_64"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833651/; classtype:trojan-activity;sid:83696751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833643)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm5"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833643/; classtype:trojan-activity;sid:83696743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833644)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/m68k"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833644/; classtype:trojan-activity;sid:83696744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833645)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/sh4"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833645/; classtype:trojan-activity;sid:83696745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833646)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mpsl"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833646/; classtype:trojan-activity;sid:83696746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833647)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833647/; classtype:trojan-activity;sid:83696747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833642)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_32"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833642/; classtype:trojan-activity;sid:83696742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833217)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/386"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833217/; classtype:trojan-activity;sid:83696317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833216)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833216/; classtype:trojan-activity;sid:83696316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833213)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833213/; classtype:trojan-activity;sid:83696313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832385)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=59261c7e41b6478a%21212|7c|26|7c|authkey=!agx6xu7a8tjfwjs"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832385/; classtype:trojan-activity;sid:83695485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832383)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=59261c7e41b6478a%21215|7c|26|7c|authkey=!ailxsvzlzbop3io"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832383/; classtype:trojan-activity;sid:83695483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831040)"; flow:established,from_client; content:"GET"; http_method; content:"/scdsshfk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hfs.t1linux.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831040/; classtype:trojan-activity;sid:83694140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.177.251.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829189/; classtype:trojan-activity;sid:83692289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828091)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/imtoken-intl-v2.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"154.23.240.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828091/; classtype:trojan-activity;sid:83691191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828012)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"180.178.32.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828012/; classtype:trojan-activity;sid:83691112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827881)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/fkqcdjc473843.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lh.yjjxz.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827881/; classtype:trojan-activity;sid:83690981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.106.91.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827860/; classtype:trojan-activity;sid:83690960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.146.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825993/; classtype:trojan-activity;sid:83689093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825975)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=b24528e77689f9ac%21162|7c|26|7c|authkey=!apfh4vxvdjek1qc"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825975/; classtype:trojan-activity;sid:83689075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825003)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=fdb0512de793b32e%21192|7c|26|7c|authkey=!aabmannkbvjdxgc"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825003/; classtype:trojan-activity;sid:83688103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825002)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/45.64.rar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.167.2.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825002/; classtype:trojan-activity;sid:83688102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824999)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/45.64.json"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.167.2.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824999/; classtype:trojan-activity;sid:83688099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825000)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/45.6472.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"121.167.2.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825000/; classtype:trojan-activity;sid:83688100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824981)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824981/; classtype:trojan-activity;sid:83688081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.79.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824688/; classtype:trojan-activity;sid:83687788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823973)"; flow:established,from_client; content:"GET"; http_method; content:"/g1/589/steamworks.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"by.haory.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823973/; classtype:trojan-activity;sid:83687073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imtoken-v2.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"token.im"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823716/; classtype:trojan-activity;sid:83686816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823284)"; flow:established,from_client; content:"GET"; http_method; content:"/acestream.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sportvision.app"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823284/; classtype:trojan-activity;sid:83686384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823257)"; flow:established,from_client; content:"GET"; http_method; content:"/imtoken-v2.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"imtoken8.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823257/; classtype:trojan-activity;sid:83686357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823256)"; flow:established,from_client; content:"GET"; http_method; content:"/imtoken.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"imtoken8.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823256/; classtype:trojan-activity;sid:83686356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822910)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822910/; classtype:trojan-activity;sid:83686010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.50.148.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822890/; classtype:trojan-activity;sid:83685990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822893)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.120.173.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822893/; classtype:trojan-activity;sid:83685993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822894)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822894/; classtype:trojan-activity;sid:83685994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822895/; classtype:trojan-activity;sid:83685995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.215.77.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822898/; classtype:trojan-activity;sid:83685998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822899)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822899/; classtype:trojan-activity;sid:83685999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822886)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.92.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822886/; classtype:trojan-activity;sid:83685986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822887)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822887/; classtype:trojan-activity;sid:83685987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822889)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.244.120.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822889/; classtype:trojan-activity;sid:83685989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822883)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.150.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822883/; classtype:trojan-activity;sid:83685983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822876)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822876/; classtype:trojan-activity;sid:83685976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822877)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.13.221.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822877/; classtype:trojan-activity;sid:83685977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822864)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.105.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822864/; classtype:trojan-activity;sid:83685964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822866)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822866/; classtype:trojan-activity;sid:83685966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822868)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.163.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822868/; classtype:trojan-activity;sid:83685968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822869)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822869/; classtype:trojan-activity;sid:83685969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822870)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.84.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822870/; classtype:trojan-activity;sid:83685970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822874)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822874/; classtype:trojan-activity;sid:83685974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822851)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.127.76.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822851/; classtype:trojan-activity;sid:83685951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822861/; classtype:trojan-activity;sid:83685961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822844)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822844/; classtype:trojan-activity;sid:83685944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822846)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822846/; classtype:trojan-activity;sid:83685946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822849)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.166.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822849/; classtype:trojan-activity;sid:83685949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822839)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"163.53.205.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822839/; classtype:trojan-activity;sid:83685939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822833)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822833/; classtype:trojan-activity;sid:83685933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822820)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.161.231.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822820/; classtype:trojan-activity;sid:83685920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822821)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822821/; classtype:trojan-activity;sid:83685921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822826)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.170.168.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822826/; classtype:trojan-activity;sid:83685926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822832)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.57.128.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822832/; classtype:trojan-activity;sid:83685932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822808)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822808/; classtype:trojan-activity;sid:83685908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822810)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.201.184.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822810/; classtype:trojan-activity;sid:83685910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822811/; classtype:trojan-activity;sid:83685911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822812)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822812/; classtype:trojan-activity;sid:83685912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822814)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.20.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822814/; classtype:trojan-activity;sid:83685914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822815)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822815/; classtype:trojan-activity;sid:83685915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822801)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.97.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822801/; classtype:trojan-activity;sid:83685901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822802)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822802/; classtype:trojan-activity;sid:83685902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822806)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822806/; classtype:trojan-activity;sid:83685906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822797/; classtype:trojan-activity;sid:83685897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822800)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822800/; classtype:trojan-activity;sid:83685900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822781/; classtype:trojan-activity;sid:83685881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.37.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822783/; classtype:trojan-activity;sid:83685883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822784)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822784/; classtype:trojan-activity;sid:83685884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822785)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.202.83.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822785/; classtype:trojan-activity;sid:83685885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822787)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.41.91.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822787/; classtype:trojan-activity;sid:83685887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822789/; classtype:trojan-activity;sid:83685889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822790)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822790/; classtype:trojan-activity;sid:83685890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822791)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.101.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822791/; classtype:trojan-activity;sid:83685891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822770/; classtype:trojan-activity;sid:83685870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822762/; classtype:trojan-activity;sid:83685862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822764)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822764/; classtype:trojan-activity;sid:83685864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822757/; classtype:trojan-activity;sid:83685857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822754/; classtype:trojan-activity;sid:83685854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822746)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822746/; classtype:trojan-activity;sid:83685846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822747)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822747/; classtype:trojan-activity;sid:83685847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822736)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822736/; classtype:trojan-activity;sid:83685836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822737)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.242.106.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822737/; classtype:trojan-activity;sid:83685837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822741)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.150.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822741/; classtype:trojan-activity;sid:83685841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822743)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822743/; classtype:trojan-activity;sid:83685843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822727)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822727/; classtype:trojan-activity;sid:83685827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822728)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.75.222.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822728/; classtype:trojan-activity;sid:83685828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822733)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.70.242.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822733/; classtype:trojan-activity;sid:83685833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822719)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.216.69.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822719/; classtype:trojan-activity;sid:83685819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822699)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.236.114.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822699/; classtype:trojan-activity;sid:83685799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822702)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.238.132.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822702/; classtype:trojan-activity;sid:83685802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822704)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822704/; classtype:trojan-activity;sid:83685804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822685)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.191.16.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822685/; classtype:trojan-activity;sid:83685785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822688/; classtype:trojan-activity;sid:83685788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822689)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822689/; classtype:trojan-activity;sid:83685789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822692)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822692/; classtype:trojan-activity;sid:83685792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822694)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822694/; classtype:trojan-activity;sid:83685794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822676)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.49.4.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822676/; classtype:trojan-activity;sid:83685776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822678)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822678/; classtype:trojan-activity;sid:83685778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822681)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822681/; classtype:trojan-activity;sid:83685781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822674/; classtype:trojan-activity;sid:83685774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822673)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"164.215.113.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822673/; classtype:trojan-activity;sid:83685773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822669)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.151.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822669/; classtype:trojan-activity;sid:83685769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822663/; classtype:trojan-activity;sid:83685763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822647)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.93.245.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822647/; classtype:trojan-activity;sid:83685747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822651)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"65.132.139.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822651/; classtype:trojan-activity;sid:83685751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822652)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.99.201.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822652/; classtype:trojan-activity;sid:83685752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822653/; classtype:trojan-activity;sid:83685753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822655/; classtype:trojan-activity;sid:83685755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822657/; classtype:trojan-activity;sid:83685757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822637)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822637/; classtype:trojan-activity;sid:83685737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822638)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822638/; classtype:trojan-activity;sid:83685738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822639)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822639/; classtype:trojan-activity;sid:83685739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822618)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.195.160.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822618/; classtype:trojan-activity;sid:83685718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822621)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.129.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822621/; classtype:trojan-activity;sid:83685721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822622)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822622/; classtype:trojan-activity;sid:83685722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822600)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.236.113.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822600/; classtype:trojan-activity;sid:83685700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822602)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.150.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822602/; classtype:trojan-activity;sid:83685702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822606)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822606/; classtype:trojan-activity;sid:83685706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822607)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.49.214.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822607/; classtype:trojan-activity;sid:83685707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822608)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.42.98.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822608/; classtype:trojan-activity;sid:83685708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822609)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822609/; classtype:trojan-activity;sid:83685709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822611)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.22.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822611/; classtype:trojan-activity;sid:83685711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822615)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.20.254.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822615/; classtype:trojan-activity;sid:83685715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822590)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822590/; classtype:trojan-activity;sid:83685690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822595)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.210.198.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822595/; classtype:trojan-activity;sid:83685695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822596)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822596/; classtype:trojan-activity;sid:83685696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822597)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.89.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822597/; classtype:trojan-activity;sid:83685697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822577)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822577/; classtype:trojan-activity;sid:83685677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822580)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822580/; classtype:trojan-activity;sid:83685680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822581)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822581/; classtype:trojan-activity;sid:83685681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822586)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822586/; classtype:trojan-activity;sid:83685686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822587)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.41.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822587/; classtype:trojan-activity;sid:83685687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822565)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.212.51.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822565/; classtype:trojan-activity;sid:83685665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822566)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822566/; classtype:trojan-activity;sid:83685666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822571)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822571/; classtype:trojan-activity;sid:83685671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822572)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.115.174.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822572/; classtype:trojan-activity;sid:83685672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822574)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822574/; classtype:trojan-activity;sid:83685674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822556)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.42.55.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822556/; classtype:trojan-activity;sid:83685656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822557)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822557/; classtype:trojan-activity;sid:83685657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822559)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822559/; classtype:trojan-activity;sid:83685659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822560)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.192.33.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822560/; classtype:trojan-activity;sid:83685660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822564)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822564/; classtype:trojan-activity;sid:83685664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822551)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.124.87.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822551/; classtype:trojan-activity;sid:83685651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822552)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.202.9.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822552/; classtype:trojan-activity;sid:83685652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822547/; classtype:trojan-activity;sid:83685647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822545)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.255.17.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822545/; classtype:trojan-activity;sid:83685645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822546)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.219.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822546/; classtype:trojan-activity;sid:83685646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822536/; classtype:trojan-activity;sid:83685636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822537)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822537/; classtype:trojan-activity;sid:83685637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822542)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822542/; classtype:trojan-activity;sid:83685642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822523)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822523/; classtype:trojan-activity;sid:83685623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.195.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822524/; classtype:trojan-activity;sid:83685624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822525/; classtype:trojan-activity;sid:83685625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822526)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822526/; classtype:trojan-activity;sid:83685626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822532)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822532/; classtype:trojan-activity;sid:83685632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822533)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.120.241.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822533/; classtype:trojan-activity;sid:83685633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822514/; classtype:trojan-activity;sid:83685614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822515)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822515/; classtype:trojan-activity;sid:83685615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822516)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.239.22.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822516/; classtype:trojan-activity;sid:83685616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822517)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822517/; classtype:trojan-activity;sid:83685617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822511)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.116.1.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822511/; classtype:trojan-activity;sid:83685611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822507)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.141.122.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822507/; classtype:trojan-activity;sid:83685607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822510)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.251.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822510/; classtype:trojan-activity;sid:83685610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822501)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822501/; classtype:trojan-activity;sid:83685601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822505)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822505/; classtype:trojan-activity;sid:83685605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822498)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822498/; classtype:trojan-activity;sid:83685598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822497)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.184.249.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822497/; classtype:trojan-activity;sid:83685597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822493)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.84.131.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822493/; classtype:trojan-activity;sid:83685593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822494)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822494/; classtype:trojan-activity;sid:83685594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822491)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.176.138.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822491/; classtype:trojan-activity;sid:83685591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822487)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.124.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822487/; classtype:trojan-activity;sid:83685587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822481)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822481/; classtype:trojan-activity;sid:83685581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822466)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.160.3.5"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822466/; classtype:trojan-activity;sid:83685566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822469)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.79.114.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822469/; classtype:trojan-activity;sid:83685569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822470)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.130.41.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822470/; classtype:trojan-activity;sid:83685570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822472)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.63.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822472/; classtype:trojan-activity;sid:83685572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822473)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.98.254.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822473/; classtype:trojan-activity;sid:83685573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822474)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822474/; classtype:trojan-activity;sid:83685574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822475/; classtype:trojan-activity;sid:83685575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822476)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.114.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822476/; classtype:trojan-activity;sid:83685576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822461)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.152.23.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822461/; classtype:trojan-activity;sid:83685561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822455)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.130.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822455/; classtype:trojan-activity;sid:83685555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822435)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.222.45.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822435/; classtype:trojan-activity;sid:83685535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822436)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822436/; classtype:trojan-activity;sid:83685536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822437)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.218.249.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822437/; classtype:trojan-activity;sid:83685537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822439)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822439/; classtype:trojan-activity;sid:83685539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822441)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822441/; classtype:trojan-activity;sid:83685541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822442)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822442/; classtype:trojan-activity;sid:83685542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822443/; classtype:trojan-activity;sid:83685543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822445)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.93.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822445/; classtype:trojan-activity;sid:83685545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822426/; classtype:trojan-activity;sid:83685526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822430)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822430/; classtype:trojan-activity;sid:83685530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822432/; classtype:trojan-activity;sid:83685532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822418)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822418/; classtype:trojan-activity;sid:83685518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822421)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822421/; classtype:trojan-activity;sid:83685521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.54.15.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822423/; classtype:trojan-activity;sid:83685523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822411)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822411/; classtype:trojan-activity;sid:83685511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822414)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.7.158.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822414/; classtype:trojan-activity;sid:83685514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822415)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.118.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822415/; classtype:trojan-activity;sid:83685515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822409)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822409/; classtype:trojan-activity;sid:83685509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822406/; classtype:trojan-activity;sid:83685506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822398)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.77.128.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822398/; classtype:trojan-activity;sid:83685498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822399)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.155.93.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822399/; classtype:trojan-activity;sid:83685499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822402)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.36.229.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822402/; classtype:trojan-activity;sid:83685502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822394)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.178.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822394/; classtype:trojan-activity;sid:83685494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822379)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.14.11.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822379/; classtype:trojan-activity;sid:83685479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822382)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.217.148.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822382/; classtype:trojan-activity;sid:83685482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822374/; classtype:trojan-activity;sid:83685474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822376)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822376/; classtype:trojan-activity;sid:83685476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822369)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.252.167.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822369/; classtype:trojan-activity;sid:83685469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822367)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822367/; classtype:trojan-activity;sid:83685467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822356)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822356/; classtype:trojan-activity;sid:83685456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822358)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822358/; classtype:trojan-activity;sid:83685458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822361)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822361/; classtype:trojan-activity;sid:83685461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822350)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.111.213.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822350/; classtype:trojan-activity;sid:83685450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822352)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.192.201.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822352/; classtype:trojan-activity;sid:83685452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822354)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.99.218.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822354/; classtype:trojan-activity;sid:83685454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822343)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.58.145.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822343/; classtype:trojan-activity;sid:83685443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822347)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.56.21.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822347/; classtype:trojan-activity;sid:83685447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822349)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.213.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822349/; classtype:trojan-activity;sid:83685449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822336)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822336/; classtype:trojan-activity;sid:83685436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822342)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822342/; classtype:trojan-activity;sid:83685442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822332/; classtype:trojan-activity;sid:83685432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822329)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.193.88.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822329/; classtype:trojan-activity;sid:83685429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822318)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.198.193.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822318/; classtype:trojan-activity;sid:83685418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822320)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822320/; classtype:trojan-activity;sid:83685420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822322)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.234.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822322/; classtype:trojan-activity;sid:83685422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822323)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.240.37.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822323/; classtype:trojan-activity;sid:83685423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.218.142.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822314/; classtype:trojan-activity;sid:83685414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822315)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.115.232.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822315/; classtype:trojan-activity;sid:83685415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822316/; classtype:trojan-activity;sid:83685416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822310)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.186.115.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822310/; classtype:trojan-activity;sid:83685410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822303)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822303/; classtype:trojan-activity;sid:83685403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822306)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.181.44.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822306/; classtype:trojan-activity;sid:83685406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822298)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.18.162.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822298/; classtype:trojan-activity;sid:83685398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822288)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822288/; classtype:trojan-activity;sid:83685388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822291)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.239.120.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822291/; classtype:trojan-activity;sid:83685391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822295)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822295/; classtype:trojan-activity;sid:83685395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822282)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.197.209.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822282/; classtype:trojan-activity;sid:83685382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.207.203.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822283/; classtype:trojan-activity;sid:83685383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822284/; classtype:trojan-activity;sid:83685384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822286)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822286/; classtype:trojan-activity;sid:83685386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822274)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.43.16.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822274/; classtype:trojan-activity;sid:83685374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822278)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.212.49.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822278/; classtype:trojan-activity;sid:83685378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822272)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822272/; classtype:trojan-activity;sid:83685372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822266)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.117.133.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822266/; classtype:trojan-activity;sid:83685366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822267)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.31.135.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822267/; classtype:trojan-activity;sid:83685367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.172.170.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822262/; classtype:trojan-activity;sid:83685362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.199.144.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822265/; classtype:trojan-activity;sid:83685365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822257/; classtype:trojan-activity;sid:83685357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822258/; classtype:trojan-activity;sid:83685358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822248)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.50.146.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822248/; classtype:trojan-activity;sid:83685348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822253/; classtype:trojan-activity;sid:83685353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822242)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.218.172.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822242/; classtype:trojan-activity;sid:83685342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822245/; classtype:trojan-activity;sid:83685345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822236)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.24.131.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822236/; classtype:trojan-activity;sid:83685336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.202.245.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822237/; classtype:trojan-activity;sid:83685337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822225)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822225/; classtype:trojan-activity;sid:83685325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.189.199.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822226/; classtype:trojan-activity;sid:83685326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822227/; classtype:trojan-activity;sid:83685327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822229/; classtype:trojan-activity;sid:83685329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822230/; classtype:trojan-activity;sid:83685330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822219/; classtype:trojan-activity;sid:83685319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"165.165.183.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822223/; classtype:trojan-activity;sid:83685323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822224)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.202.206.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822224/; classtype:trojan-activity;sid:83685324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822211)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822211/; classtype:trojan-activity;sid:83685311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822212)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.17.61.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822212/; classtype:trojan-activity;sid:83685312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822214)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822214/; classtype:trojan-activity;sid:83685314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822199)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822199/; classtype:trojan-activity;sid:83685299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822194/; classtype:trojan-activity;sid:83685294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822195)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.150.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822195/; classtype:trojan-activity;sid:83685295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822191)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.84.237.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822191/; classtype:trojan-activity;sid:83685291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822186/; classtype:trojan-activity;sid:83685286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822187)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.211.169.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822187/; classtype:trojan-activity;sid:83685287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822174)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.177.98.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822174/; classtype:trojan-activity;sid:83685274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822160/; classtype:trojan-activity;sid:83685260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822161/; classtype:trojan-activity;sid:83685261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822162/; classtype:trojan-activity;sid:83685262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822163)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822163/; classtype:trojan-activity;sid:83685263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822168/; classtype:trojan-activity;sid:83685268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822169/; classtype:trojan-activity;sid:83685269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822159)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.66.105.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822159/; classtype:trojan-activity;sid:83685259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822156)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.186.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822156/; classtype:trojan-activity;sid:83685256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.195.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822148/; classtype:trojan-activity;sid:83685248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822149)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822149/; classtype:trojan-activity;sid:83685249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822150)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.246.165.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822150/; classtype:trojan-activity;sid:83685250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822144)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822144/; classtype:trojan-activity;sid:83685244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822145)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.69.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822145/; classtype:trojan-activity;sid:83685245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822140/; classtype:trojan-activity;sid:83685240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822138/; classtype:trojan-activity;sid:83685238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822129/; classtype:trojan-activity;sid:83685229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822130)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.21.132.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822130/; classtype:trojan-activity;sid:83685230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822133/; classtype:trojan-activity;sid:83685233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822134)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822134/; classtype:trojan-activity;sid:83685234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822137)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822137/; classtype:trojan-activity;sid:83685237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822125)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822125/; classtype:trojan-activity;sid:83685225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822126)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.105.205.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822126/; classtype:trojan-activity;sid:83685226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822127/; classtype:trojan-activity;sid:83685227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.254.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822116/; classtype:trojan-activity;sid:83685216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.237.162.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822124/; classtype:trojan-activity;sid:83685224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.234.253.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822109/; classtype:trojan-activity;sid:83685209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822111)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.204.218.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822111/; classtype:trojan-activity;sid:83685211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822112)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.150.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822112/; classtype:trojan-activity;sid:83685212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822113)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.199.179.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822113/; classtype:trojan-activity;sid:83685213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822114/; classtype:trojan-activity;sid:83685214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822100/; classtype:trojan-activity;sid:83685200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822101)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822101/; classtype:trojan-activity;sid:83685201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822103)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.150.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822103/; classtype:trojan-activity;sid:83685203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822106)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.174.99.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822106/; classtype:trojan-activity;sid:83685206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822098/; classtype:trojan-activity;sid:83685198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822083/; classtype:trojan-activity;sid:83685183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822084/; classtype:trojan-activity;sid:83685184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822086)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.118.45.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822086/; classtype:trojan-activity;sid:83685186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822088)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822088/; classtype:trojan-activity;sid:83685188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822092/; classtype:trojan-activity;sid:83685192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822093)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.89.206.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822093/; classtype:trojan-activity;sid:83685193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822073/; classtype:trojan-activity;sid:83685173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822074)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.52.72.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822074/; classtype:trojan-activity;sid:83685174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822076)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.254.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822076/; classtype:trojan-activity;sid:83685176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822080)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.199.144.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822080/; classtype:trojan-activity;sid:83685180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822065)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.29.147.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822065/; classtype:trojan-activity;sid:83685165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822066)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822066/; classtype:trojan-activity;sid:83685166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822060)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.171.55.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822060/; classtype:trojan-activity;sid:83685160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822048/; classtype:trojan-activity;sid:83685148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822052)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822052/; classtype:trojan-activity;sid:83685152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822042)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822042/; classtype:trojan-activity;sid:83685142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822046)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.175.189.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822046/; classtype:trojan-activity;sid:83685146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822031)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822031/; classtype:trojan-activity;sid:83685131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822035/; classtype:trojan-activity;sid:83685135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822040)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822040/; classtype:trojan-activity;sid:83685140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.98.13.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822020/; classtype:trojan-activity;sid:83685120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822022)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.186.22.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822022/; classtype:trojan-activity;sid:83685122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822023)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.84.143.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822023/; classtype:trojan-activity;sid:83685123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.33.225.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822026/; classtype:trojan-activity;sid:83685126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822027)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822027/; classtype:trojan-activity;sid:83685127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822017)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822017/; classtype:trojan-activity;sid:83685117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822018/; classtype:trojan-activity;sid:83685118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.73.244.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822019/; classtype:trojan-activity;sid:83685119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822013/; classtype:trojan-activity;sid:83685113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822011)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822011/; classtype:trojan-activity;sid:83685111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822007/; classtype:trojan-activity;sid:83685107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822008/; classtype:trojan-activity;sid:83685108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821998)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.29.162.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821998/; classtype:trojan-activity;sid:83685098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822001)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.101.130.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822001/; classtype:trojan-activity;sid:83685101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822003/; classtype:trojan-activity;sid:83685103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822005)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822005/; classtype:trojan-activity;sid:83685105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821994)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.15.233.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821994/; classtype:trojan-activity;sid:83685094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821981/; classtype:trojan-activity;sid:83685081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821982)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"134.249.186.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821982/; classtype:trojan-activity;sid:83685082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821983/; classtype:trojan-activity;sid:83685083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821984)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.168.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821984/; classtype:trojan-activity;sid:83685084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821985)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.17.36.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821985/; classtype:trojan-activity;sid:83685085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821986)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.171.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821986/; classtype:trojan-activity;sid:83685086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821979)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.100.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821979/; classtype:trojan-activity;sid:83685079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821971)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.248.41.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821971/; classtype:trojan-activity;sid:83685071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821966)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821966/; classtype:trojan-activity;sid:83685066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821968)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.93.92.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821968/; classtype:trojan-activity;sid:83685068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821969)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.22.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821969/; classtype:trojan-activity;sid:83685069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821970)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821970/; classtype:trojan-activity;sid:83685070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821958)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.254.23.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821958/; classtype:trojan-activity;sid:83685058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821957)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.0.69.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821957/; classtype:trojan-activity;sid:83685057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821951)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.121.80.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821951/; classtype:trojan-activity;sid:83685051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821952)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821952/; classtype:trojan-activity;sid:83685052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821953/; classtype:trojan-activity;sid:83685053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.71.131.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821954/; classtype:trojan-activity;sid:83685054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821955)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.66.125.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821955/; classtype:trojan-activity;sid:83685055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821945)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"191.103.250.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821945/; classtype:trojan-activity;sid:83685045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821946)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.212.237.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821946/; classtype:trojan-activity;sid:83685046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821948)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.11.95.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821948/; classtype:trojan-activity;sid:83685048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821929/; classtype:trojan-activity;sid:83685029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821930/; classtype:trojan-activity;sid:83685030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821931)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821931/; classtype:trojan-activity;sid:83685031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821935/; classtype:trojan-activity;sid:83685035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821937)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.18.148.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821937/; classtype:trojan-activity;sid:83685037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821938)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.4.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821938/; classtype:trojan-activity;sid:83685038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821940)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.98.86.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821940/; classtype:trojan-activity;sid:83685040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821922)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.238.118.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821922/; classtype:trojan-activity;sid:83685022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821923)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.254.46.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821923/; classtype:trojan-activity;sid:83685023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821925)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821925/; classtype:trojan-activity;sid:83685025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821926/; classtype:trojan-activity;sid:83685026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821917/; classtype:trojan-activity;sid:83685017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821918)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.126.195.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821918/; classtype:trojan-activity;sid:83685018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821914)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821914/; classtype:trojan-activity;sid:83685014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821915)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821915/; classtype:trojan-activity;sid:83685015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821910)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.150.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821910/; classtype:trojan-activity;sid:83685010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.97.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821871/; classtype:trojan-activity;sid:83684971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.184.249.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821869/; classtype:trojan-activity;sid:83684969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821857/; classtype:trojan-activity;sid:83684957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821858/; classtype:trojan-activity;sid:83684958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.53.205.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821859/; classtype:trojan-activity;sid:83684959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821861/; classtype:trojan-activity;sid:83684961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821850/; classtype:trojan-activity;sid:83684950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.166.220.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821842/; classtype:trojan-activity;sid:83684942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.246.165.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821843/; classtype:trojan-activity;sid:83684943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821844/; classtype:trojan-activity;sid:83684944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.191.16.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821845/; classtype:trojan-activity;sid:83684945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.116.1.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821846/; classtype:trojan-activity;sid:83684946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.95.254.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821828/; classtype:trojan-activity;sid:83684928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821829/; classtype:trojan-activity;sid:83684929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.183.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821831/; classtype:trojan-activity;sid:83684931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821825/; classtype:trojan-activity;sid:83684925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.190.57.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821826/; classtype:trojan-activity;sid:83684926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821821/; classtype:trojan-activity;sid:83684921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.14.11.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821822/; classtype:trojan-activity;sid:83684922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.37.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821823/; classtype:trojan-activity;sid:83684923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821811/; classtype:trojan-activity;sid:83684911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821813/; classtype:trojan-activity;sid:83684913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821806/; classtype:trojan-activity;sid:83684906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821793/; classtype:trojan-activity;sid:83684893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.149.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821794/; classtype:trojan-activity;sid:83684894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.164.132.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821797/; classtype:trojan-activity;sid:83684897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.158.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821787/; classtype:trojan-activity;sid:83684887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821789/; classtype:trojan-activity;sid:83684889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.66.125.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821782/; classtype:trojan-activity;sid:83684882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821783/; classtype:trojan-activity;sid:83684883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.248.41.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821785/; classtype:trojan-activity;sid:83684885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.212.49.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821778/; classtype:trojan-activity;sid:83684878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.66.105.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821781/; classtype:trojan-activity;sid:83684881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.197.209.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821773/; classtype:trojan-activity;sid:83684873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.124.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821769/; classtype:trojan-activity;sid:83684869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.20.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821770/; classtype:trojan-activity;sid:83684870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821765/; classtype:trojan-activity;sid:83684865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821759/; classtype:trojan-activity;sid:83684859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.29.162.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821752/; classtype:trojan-activity;sid:83684852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821753/; classtype:trojan-activity;sid:83684853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.237.162.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821756/; classtype:trojan-activity;sid:83684856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.204.218.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821758/; classtype:trojan-activity;sid:83684858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821747/; classtype:trojan-activity;sid:83684847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.109.113.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821748/; classtype:trojan-activity;sid:83684848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.239.120.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821749/; classtype:trojan-activity;sid:83684849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821743/; classtype:trojan-activity;sid:83684843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.126.195.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821744/; classtype:trojan-activity;sid:83684844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821745/; classtype:trojan-activity;sid:83684845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821736/; classtype:trojan-activity;sid:83684836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821738/; classtype:trojan-activity;sid:83684838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821730/; classtype:trojan-activity;sid:83684830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821734/; classtype:trojan-activity;sid:83684834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821721/; classtype:trojan-activity;sid:83684821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821726/; classtype:trojan-activity;sid:83684826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.199.179.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821728/; classtype:trojan-activity;sid:83684828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.178.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821714/; classtype:trojan-activity;sid:83684814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.23.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821716/; classtype:trojan-activity;sid:83684816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.84.237.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821701/; classtype:trojan-activity;sid:83684801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.93.245.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821703/; classtype:trojan-activity;sid:83684803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821690/; classtype:trojan-activity;sid:83684790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821692/; classtype:trojan-activity;sid:83684792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.121.80.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821696/; classtype:trojan-activity;sid:83684796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821700/; classtype:trojan-activity;sid:83684800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821679/; classtype:trojan-activity;sid:83684779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.224.242.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821680/; classtype:trojan-activity;sid:83684780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821681/; classtype:trojan-activity;sid:83684781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821685/; classtype:trojan-activity;sid:83684785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821678/; classtype:trojan-activity;sid:83684778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821669/; classtype:trojan-activity;sid:83684769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.211.169.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821665/; classtype:trojan-activity;sid:83684765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.117.133.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821662/; classtype:trojan-activity;sid:83684762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.242.106.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821656/; classtype:trojan-activity;sid:83684756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821654/; classtype:trojan-activity;sid:83684754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.46.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821647/; classtype:trojan-activity;sid:83684747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.20.254.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821650/; classtype:trojan-activity;sid:83684750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.56.21.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821651/; classtype:trojan-activity;sid:83684751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821646/; classtype:trojan-activity;sid:83684746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.205.125.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821643/; classtype:trojan-activity;sid:83684743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.57.128.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821644/; classtype:trojan-activity;sid:83684744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821634/; classtype:trojan-activity;sid:83684734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821636/; classtype:trojan-activity;sid:83684736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.177.98.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821638/; classtype:trojan-activity;sid:83684738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.15.176.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821620/; classtype:trojan-activity;sid:83684720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.15.233.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821623/; classtype:trojan-activity;sid:83684723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821625/; classtype:trojan-activity;sid:83684725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821611/; classtype:trojan-activity;sid:83684711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.98.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821603/; classtype:trojan-activity;sid:83684703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.163.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821591/; classtype:trojan-activity;sid:83684691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821594/; classtype:trojan-activity;sid:83684694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.184.54.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821587/; classtype:trojan-activity;sid:83684687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821583/; classtype:trojan-activity;sid:83684683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821580/; classtype:trojan-activity;sid:83684680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820346)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.188.4.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820346/; classtype:trojan-activity;sid:83683446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818999/; classtype:trojan-activity;sid:83682099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.126.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818992/; classtype:trojan-activity;sid:83682092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818993/; classtype:trojan-activity;sid:83682093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.89.206.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818990/; classtype:trojan-activity;sid:83682090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818987/; classtype:trojan-activity;sid:83682087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818981/; classtype:trojan-activity;sid:83682081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818984/; classtype:trojan-activity;sid:83682084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818967/; classtype:trojan-activity;sid:83682067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818969/; classtype:trojan-activity;sid:83682069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.49.4.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818973/; classtype:trojan-activity;sid:83682073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818977/; classtype:trojan-activity;sid:83682077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.43.16.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818978/; classtype:trojan-activity;sid:83682078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.170.168.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818962/; classtype:trojan-activity;sid:83682062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818966/; classtype:trojan-activity;sid:83682066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.14.183.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818954/; classtype:trojan-activity;sid:83682054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.161.231.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818950/; classtype:trojan-activity;sid:83682050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818948/; classtype:trojan-activity;sid:83682048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.67.60.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818949/; classtype:trojan-activity;sid:83682049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818943/; classtype:trojan-activity;sid:83682043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.207.203.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818944/; classtype:trojan-activity;sid:83682044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818930/; classtype:trojan-activity;sid:83682030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818939/; classtype:trojan-activity;sid:83682039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818940/; classtype:trojan-activity;sid:83682040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.21.132.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818922/; classtype:trojan-activity;sid:83682022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.160.3.5"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818924/; classtype:trojan-activity;sid:83682024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.50.148.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818926/; classtype:trojan-activity;sid:83682026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.64.200.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818919/; classtype:trojan-activity;sid:83682019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818920/; classtype:trojan-activity;sid:83682020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.73.244.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818912/; classtype:trojan-activity;sid:83682012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818906/; classtype:trojan-activity;sid:83682006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.242.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818907/; classtype:trojan-activity;sid:83682007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.98.254.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818901/; classtype:trojan-activity;sid:83682001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818887/; classtype:trojan-activity;sid:83681987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818888/; classtype:trojan-activity;sid:83681988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.0.69.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818889/; classtype:trojan-activity;sid:83681989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.124.87.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818880/; classtype:trojan-activity;sid:83681980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818883/; classtype:trojan-activity;sid:83681983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818876/; classtype:trojan-activity;sid:83681976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818878/; classtype:trojan-activity;sid:83681978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.17.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818872/; classtype:trojan-activity;sid:83681972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818874/; classtype:trojan-activity;sid:83681974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818867/; classtype:trojan-activity;sid:83681967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818868/; classtype:trojan-activity;sid:83681968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.28.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818864/; classtype:trojan-activity;sid:83681964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818857/; classtype:trojan-activity;sid:83681957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818845/; classtype:trojan-activity;sid:83681945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818847/; classtype:trojan-activity;sid:83681947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818851/; classtype:trojan-activity;sid:83681951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818833/; classtype:trojan-activity;sid:83681933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818837/; classtype:trojan-activity;sid:83681937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818840/; classtype:trojan-activity;sid:83681940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.77.128.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818830/; classtype:trojan-activity;sid:83681930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.25.133.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818829/; classtype:trojan-activity;sid:83681929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.81.93.24"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818824/; classtype:trojan-activity;sid:83681924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.216.69.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818820/; classtype:trojan-activity;sid:83681920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818821/; classtype:trojan-activity;sid:83681921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.110.124.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818795/; classtype:trojan-activity;sid:83681895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818804/; classtype:trojan-activity;sid:83681904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818806/; classtype:trojan-activity;sid:83681906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818807/; classtype:trojan-activity;sid:83681907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.202.206.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818789/; classtype:trojan-activity;sid:83681889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818786/; classtype:trojan-activity;sid:83681886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"134.249.186.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818787/; classtype:trojan-activity;sid:83681887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818773/; classtype:trojan-activity;sid:83681873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.17.36.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818770/; classtype:trojan-activity;sid:83681870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818768/; classtype:trojan-activity;sid:83681868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.181.0.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818757/; classtype:trojan-activity;sid:83681857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818758/; classtype:trojan-activity;sid:83681858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.150.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818759/; classtype:trojan-activity;sid:83681859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.233.242.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818761/; classtype:trojan-activity;sid:83681861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.85.48.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818755/; classtype:trojan-activity;sid:83681855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818753/; classtype:trojan-activity;sid:83681853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.81.131.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818754/; classtype:trojan-activity;sid:83681854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818276/; classtype:trojan-activity;sid:83681376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.219.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818271/; classtype:trojan-activity;sid:83681371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818269/; classtype:trojan-activity;sid:83681369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818240/; classtype:trojan-activity;sid:83681340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818237/; classtype:trojan-activity;sid:83681337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.98.123.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818233/; classtype:trojan-activity;sid:83681333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818229/; classtype:trojan-activity;sid:83681329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817434)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817434/; classtype:trojan-activity;sid:83680534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817435)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817435/; classtype:trojan-activity;sid:83680535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817436)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817436/; classtype:trojan-activity;sid:83680536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817433)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817433/; classtype:trojan-activity;sid:83680533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817422)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817422/; classtype:trojan-activity;sid:83680522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817423)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817423/; classtype:trojan-activity;sid:83680523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817426)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817426/; classtype:trojan-activity;sid:83680526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817416)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817416/; classtype:trojan-activity;sid:83680516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817360)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=4e6f63f4c3c86180%21112|7c|26|7c|authkey=!aji85fsyq6pgubw"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817360/; classtype:trojan-activity;sid:83680460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817148)"; flow:established,from_client; content:"GET"; http_method; content:"/coolismoney/laughing-octo-tribble/releases/download/v2/crazycore.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817148/; classtype:trojan-activity;sid:83680248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815161)"; flow:established,from_client; content:"GET"; http_method; content:"/men/prefer%20quotation.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"firstviewautoservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815161/; classtype:trojan-activity;sid:83678261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814939)"; flow:established,from_client; content:"GET"; http_method; content:"/tsrj_v11.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.111.180.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814939/; classtype:trojan-activity;sid:83678039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814938)"; flow:established,from_client; content:"GET"; http_method; content:"/tsrj_v12.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.111.180.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814938/; classtype:trojan-activity;sid:83678038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814937)"; flow:established,from_client; content:"GET"; http_method; content:"/logindll.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.111.180.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814937/; classtype:trojan-activity;sid:83678037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.222.45.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814131/; classtype:trojan-activity;sid:83677231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.129.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814126/; classtype:trojan-activity;sid:83677226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.193.88.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814125/; classtype:trojan-activity;sid:83677225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814116/; classtype:trojan-activity;sid:83677216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.213.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814118/; classtype:trojan-activity;sid:83677218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.168.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814119/; classtype:trojan-activity;sid:83677219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.101.246.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814121/; classtype:trojan-activity;sid:83677221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.18.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814102/; classtype:trojan-activity;sid:83677202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814103/; classtype:trojan-activity;sid:83677203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814093/; classtype:trojan-activity;sid:83677193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814086/; classtype:trojan-activity;sid:83677186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814087/; classtype:trojan-activity;sid:83677187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814083/; classtype:trojan-activity;sid:83677183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813931)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.116.25.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813931/; classtype:trojan-activity;sid:83677031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.217.148.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813794/; classtype:trojan-activity;sid:83676894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813793/; classtype:trojan-activity;sid:83676893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.67.227.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813787/; classtype:trojan-activity;sid:83676887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.174.99.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813152/; classtype:trojan-activity;sid:83676252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813148/; classtype:trojan-activity;sid:83676248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.36.229.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813138/; classtype:trojan-activity;sid:83676238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.218.249.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813140/; classtype:trojan-activity;sid:83676240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813143/; classtype:trojan-activity;sid:83676243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813146/; classtype:trojan-activity;sid:83676246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813147/; classtype:trojan-activity;sid:83676247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.58.145.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813136/; classtype:trojan-activity;sid:83676236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813134/; classtype:trojan-activity;sid:83676234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813128/; classtype:trojan-activity;sid:83676228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.198.242.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813129/; classtype:trojan-activity;sid:83676229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813122/; classtype:trojan-activity;sid:83676222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813125/; classtype:trojan-activity;sid:83676225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.91.182.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813126/; classtype:trojan-activity;sid:83676226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.162.59.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813115/; classtype:trojan-activity;sid:83676215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813112/; classtype:trojan-activity;sid:83676212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813091/; classtype:trojan-activity;sid:83676191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813093/; classtype:trojan-activity;sid:83676193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813101/; classtype:trojan-activity;sid:83676201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813103/; classtype:trojan-activity;sid:83676203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.211.44.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813085/; classtype:trojan-activity;sid:83676185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.238.132.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813074/; classtype:trojan-activity;sid:83676174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.111.213.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813067/; classtype:trojan-activity;sid:83676167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813068/; classtype:trojan-activity;sid:83676168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813070/; classtype:trojan-activity;sid:83676170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813057/; classtype:trojan-activity;sid:83676157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813060/; classtype:trojan-activity;sid:83676160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813064/; classtype:trojan-activity;sid:83676164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.171.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813046/; classtype:trojan-activity;sid:83676146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813047/; classtype:trojan-activity;sid:83676147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813048/; classtype:trojan-activity;sid:83676148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813051/; classtype:trojan-activity;sid:83676151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813052/; classtype:trojan-activity;sid:83676152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.42.122.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813053/; classtype:trojan-activity;sid:83676153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813040/; classtype:trojan-activity;sid:83676140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813041/; classtype:trojan-activity;sid:83676141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813028/; classtype:trojan-activity;sid:83676128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.29.137.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813029/; classtype:trojan-activity;sid:83676129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.54.15.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813030/; classtype:trojan-activity;sid:83676130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813024/; classtype:trojan-activity;sid:83676124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812539)"; flow:established,from_client; content:"GET"; http_method; content:"/dinsherman202/solid-lamp/releases/download/download/github.software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812539/; classtype:trojan-activity;sid:83675639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.177.251.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812241/; classtype:trojan-activity;sid:83675341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.177.251.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811482/; classtype:trojan-activity;sid:83674582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810327)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.81.93.24"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810327/; classtype:trojan-activity;sid:83673427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.113.68.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809352/; classtype:trojan-activity;sid:83672452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.105.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809231/; classtype:trojan-activity;sid:83672331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.39.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809230/; classtype:trojan-activity;sid:83672330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809223/; classtype:trojan-activity;sid:83672323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809224/; classtype:trojan-activity;sid:83672324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809221/; classtype:trojan-activity;sid:83672321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.95.186.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809204/; classtype:trojan-activity;sid:83672304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.21.19.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809206/; classtype:trojan-activity;sid:83672306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.36.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809188/; classtype:trojan-activity;sid:83672288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809190/; classtype:trojan-activity;sid:83672290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.143.195.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809192/; classtype:trojan-activity;sid:83672292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.186.22.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809180/; classtype:trojan-activity;sid:83672280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809182/; classtype:trojan-activity;sid:83672282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809184/; classtype:trojan-activity;sid:83672284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.54.121.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809177/; classtype:trojan-activity;sid:83672277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809171/; classtype:trojan-activity;sid:83672271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809160/; classtype:trojan-activity;sid:83672260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.22.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809142/; classtype:trojan-activity;sid:83672242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.130.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809143/; classtype:trojan-activity;sid:83672243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809146/; classtype:trojan-activity;sid:83672246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809139/; classtype:trojan-activity;sid:83672239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.114.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809127/; classtype:trojan-activity;sid:83672227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.71.131.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809129/; classtype:trojan-activity;sid:83672229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809115/; classtype:trojan-activity;sid:83672215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.60.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809116/; classtype:trojan-activity;sid:83672216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.235.189.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809118/; classtype:trojan-activity;sid:83672218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809120/; classtype:trojan-activity;sid:83672220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.195.141.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809109/; classtype:trojan-activity;sid:83672209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809113/; classtype:trojan-activity;sid:83672213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809105/; classtype:trojan-activity;sid:83672205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.165.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809097/; classtype:trojan-activity;sid:83672197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.150.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809098/; classtype:trojan-activity;sid:83672198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809100/; classtype:trojan-activity;sid:83672200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.185.20.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809092/; classtype:trojan-activity;sid:83672192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.151.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809095/; classtype:trojan-activity;sid:83672195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.112.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809088/; classtype:trojan-activity;sid:83672188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.250.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809070/; classtype:trojan-activity;sid:83672170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809071/; classtype:trojan-activity;sid:83672171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.176.138.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809076/; classtype:trojan-activity;sid:83672176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.156.143.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809065/; classtype:trojan-activity;sid:83672165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.181.0.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809059/; classtype:trojan-activity;sid:83672159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.240.37.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809056/; classtype:trojan-activity;sid:83672156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809054/; classtype:trojan-activity;sid:83672154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809011/; classtype:trojan-activity;sid:83672111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809006/; classtype:trojan-activity;sid:83672106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.70.237.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809003/; classtype:trojan-activity;sid:83672103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"165.165.183.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809004/; classtype:trojan-activity;sid:83672104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809005/; classtype:trojan-activity;sid:83672105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.105.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808999/; classtype:trojan-activity;sid:83672099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.72.31.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808994/; classtype:trojan-activity;sid:83672094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.18.148.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808988/; classtype:trojan-activity;sid:83672088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.212.51.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808984/; classtype:trojan-activity;sid:83672084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808985/; classtype:trojan-activity;sid:83672085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.31.135.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808982/; classtype:trojan-activity;sid:83672082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808972/; classtype:trojan-activity;sid:83672072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.174.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.84.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808975/; classtype:trojan-activity;sid:83672075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.184.188.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808976/; classtype:trojan-activity;sid:83672076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.92.229.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808971/; classtype:trojan-activity;sid:83672071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.170.251.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808962/; classtype:trojan-activity;sid:83672062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808963/; classtype:trojan-activity;sid:83672063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.57.183.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808964/; classtype:trojan-activity;sid:83672064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808966/; classtype:trojan-activity;sid:83672066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.79.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808968/; classtype:trojan-activity;sid:83672068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808970/; classtype:trojan-activity;sid:83672070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.159.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808955/; classtype:trojan-activity;sid:83672055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808952/; classtype:trojan-activity;sid:83672052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.252.167.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808950/; classtype:trojan-activity;sid:83672050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.238.118.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808943/; classtype:trojan-activity;sid:83672043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.49.214.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808945/; classtype:trojan-activity;sid:83672045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808946/; classtype:trojan-activity;sid:83672046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808931/; classtype:trojan-activity;sid:83672031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808932/; classtype:trojan-activity;sid:83672032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808935/; classtype:trojan-activity;sid:83672035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808936/; classtype:trojan-activity;sid:83672036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808937/; classtype:trojan-activity;sid:83672037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808926/; classtype:trojan-activity;sid:83672026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.70.245.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808927/; classtype:trojan-activity;sid:83672027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.175.138.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808915/; classtype:trojan-activity;sid:83672015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808917/; classtype:trojan-activity;sid:83672017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.115.232.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808920/; classtype:trojan-activity;sid:83672020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.175.189.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808921/; classtype:trojan-activity;sid:83672021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.151.29.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808906/; classtype:trojan-activity;sid:83672006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808909/; classtype:trojan-activity;sid:83672009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.74.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808911/; classtype:trojan-activity;sid:83672011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.189.199.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808912/; classtype:trojan-activity;sid:83672012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.201.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808902/; classtype:trojan-activity;sid:83672002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.220.212.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808904/; classtype:trojan-activity;sid:83672004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.99.218.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808905/; classtype:trojan-activity;sid:83672005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808895/; classtype:trojan-activity;sid:83671995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.195.160.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808897/; classtype:trojan-activity;sid:83671997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.166.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808899/; classtype:trojan-activity;sid:83671999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.118.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808889/; classtype:trojan-activity;sid:83671989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.202.245.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808890/; classtype:trojan-activity;sid:83671990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.101.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808886/; classtype:trojan-activity;sid:83671986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808882/; classtype:trojan-activity;sid:83671982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.201.184.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808879/; classtype:trojan-activity;sid:83671979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808877/; classtype:trojan-activity;sid:83671977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.93.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808864/; classtype:trojan-activity;sid:83671964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.215.113.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808865/; classtype:trojan-activity;sid:83671965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.130.41.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808868/; classtype:trojan-activity;sid:83671968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808869/; classtype:trojan-activity;sid:83671969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.89.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808858/; classtype:trojan-activity;sid:83671958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.234.253.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808862/; classtype:trojan-activity;sid:83671962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.113.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808850/; classtype:trojan-activity;sid:83671950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808851/; classtype:trojan-activity;sid:83671951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808852/; classtype:trojan-activity;sid:83671952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.22.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808853/; classtype:trojan-activity;sid:83671953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.202.9.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808856/; classtype:trojan-activity;sid:83671956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.4.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808848/; classtype:trojan-activity;sid:83671948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808842/; classtype:trojan-activity;sid:83671942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.114.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808840/; classtype:trojan-activity;sid:83671940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808832/; classtype:trojan-activity;sid:83671932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.113.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808833/; classtype:trojan-activity;sid:83671933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.218.142.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808834/; classtype:trojan-activity;sid:83671934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.93.92.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808835/; classtype:trojan-activity;sid:83671935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808822/; classtype:trojan-activity;sid:83671922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.41.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808824/; classtype:trojan-activity;sid:83671924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808826/; classtype:trojan-activity;sid:83671926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808819/; classtype:trojan-activity;sid:83671919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808820/; classtype:trojan-activity;sid:83671920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.98.86.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808806/; classtype:trojan-activity;sid:83671906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808808/; classtype:trojan-activity;sid:83671908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.210.197.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808799/; classtype:trojan-activity;sid:83671899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.243.216.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808801/; classtype:trojan-activity;sid:83671901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808802/; classtype:trojan-activity;sid:83671902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.164.252.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808793/; classtype:trojan-activity;sid:83671893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.195.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808796/; classtype:trojan-activity;sid:83671896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808797/; classtype:trojan-activity;sid:83671897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808798/; classtype:trojan-activity;sid:83671898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808786/; classtype:trojan-activity;sid:83671886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808787/; classtype:trojan-activity;sid:83671887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.84.143.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808783/; classtype:trojan-activity;sid:83671883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808778/; classtype:trojan-activity;sid:83671878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.215.77.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808780/; classtype:trojan-activity;sid:83671880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.120.241.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808781/; classtype:trojan-activity;sid:83671881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.24.131.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808782/; classtype:trojan-activity;sid:83671882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808770/; classtype:trojan-activity;sid:83671870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.202.220.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808760/; classtype:trojan-activity;sid:83671860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.210.198.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808761/; classtype:trojan-activity;sid:83671861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808767/; classtype:trojan-activity;sid:83671867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.10.63.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808759/; classtype:trojan-activity;sid:83671859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808754/; classtype:trojan-activity;sid:83671854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.75.222.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808747/; classtype:trojan-activity;sid:83671847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808748/; classtype:trojan-activity;sid:83671848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.150.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808750/; classtype:trojan-activity;sid:83671850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808751/; classtype:trojan-activity;sid:83671851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.69.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808743/; classtype:trojan-activity;sid:83671843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.84.131.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808744/; classtype:trojan-activity;sid:83671844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808735/; classtype:trojan-activity;sid:83671835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808740/; classtype:trojan-activity;sid:83671840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.244.120.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808724/; classtype:trojan-activity;sid:83671824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.175.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808726/; classtype:trojan-activity;sid:83671826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.192.33.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808729/; classtype:trojan-activity;sid:83671829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.13.221.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808731/; classtype:trojan-activity;sid:83671831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.150.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808719/; classtype:trojan-activity;sid:83671819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.248.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808720/; classtype:trojan-activity;sid:83671820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808721/; classtype:trojan-activity;sid:83671821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.152.23.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808711/; classtype:trojan-activity;sid:83671811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.105.205.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808712/; classtype:trojan-activity;sid:83671812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808716/; classtype:trojan-activity;sid:83671816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.42.121.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808705/; classtype:trojan-activity;sid:83671805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.38.241.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808702/; classtype:trojan-activity;sid:83671802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.199.144.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808704/; classtype:trojan-activity;sid:83671804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.65.205.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808697/; classtype:trojan-activity;sid:83671797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808659/; classtype:trojan-activity;sid:83671759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808646/; classtype:trojan-activity;sid:83671746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808643/; classtype:trojan-activity;sid:83671743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808637/; classtype:trojan-activity;sid:83671737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.165.172.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808632/; classtype:trojan-activity;sid:83671732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.17.9.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808624/; classtype:trojan-activity;sid:83671724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808625/; classtype:trojan-activity;sid:83671725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.127.76.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808628/; classtype:trojan-activity;sid:83671728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808616/; classtype:trojan-activity;sid:83671716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.130.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808619/; classtype:trojan-activity;sid:83671719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.98.13.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808615/; classtype:trojan-activity;sid:83671715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.120.173.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808609/; classtype:trojan-activity;sid:83671709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.171.55.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808606/; classtype:trojan-activity;sid:83671706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.186.115.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808601/; classtype:trojan-activity;sid:83671701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808586/; classtype:trojan-activity;sid:83671686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.11.95.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808579/; classtype:trojan-activity;sid:83671679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808564/; classtype:trojan-activity;sid:83671664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.115.174.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808565/; classtype:trojan-activity;sid:83671665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.41.91.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808566/; classtype:trojan-activity;sid:83671666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808563/; classtype:trojan-activity;sid:83671663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808561/; classtype:trojan-activity;sid:83671661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.181.44.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808555/; classtype:trojan-activity;sid:83671655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.118.45.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808557/; classtype:trojan-activity;sid:83671657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808540/; classtype:trojan-activity;sid:83671640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808542/; classtype:trojan-activity;sid:83671642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.147.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808544/; classtype:trojan-activity;sid:83671644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.141.122.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808546/; classtype:trojan-activity;sid:83671646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.98.156.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808547/; classtype:trojan-activity;sid:83671647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.18.162.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808548/; classtype:trojan-activity;sid:83671648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808549/; classtype:trojan-activity;sid:83671649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.239.22.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808550/; classtype:trojan-activity;sid:83671650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.29.147.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808552/; classtype:trojan-activity;sid:83671652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808536/; classtype:trojan-activity;sid:83671636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.191.218.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808521/; classtype:trojan-activity;sid:83671621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808522/; classtype:trojan-activity;sid:83671622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.186.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808526/; classtype:trojan-activity;sid:83671626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808511/; classtype:trojan-activity;sid:83671611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.198.193.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808512/; classtype:trojan-activity;sid:83671612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.150.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808498/; classtype:trojan-activity;sid:83671598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808495/; classtype:trojan-activity;sid:83671595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.178.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808489/; classtype:trojan-activity;sid:83671589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.63.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808484/; classtype:trojan-activity;sid:83671584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.199.144.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808486/; classtype:trojan-activity;sid:83671586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808481/; classtype:trojan-activity;sid:83671581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808482/; classtype:trojan-activity;sid:83671582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.170.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808483/; classtype:trojan-activity;sid:83671583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808475/; classtype:trojan-activity;sid:83671575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808468/; classtype:trojan-activity;sid:83671568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808470/; classtype:trojan-activity;sid:83671570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808474/; classtype:trojan-activity;sid:83671574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.174.82.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808461/; classtype:trojan-activity;sid:83671561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808462/; classtype:trojan-activity;sid:83671562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.202.83.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808456/; classtype:trojan-activity;sid:83671556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.17.61.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808457/; classtype:trojan-activity;sid:83671557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808459/; classtype:trojan-activity;sid:83671559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808460/; classtype:trojan-activity;sid:83671560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.150.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808453/; classtype:trojan-activity;sid:83671553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808452/; classtype:trojan-activity;sid:83671552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808447/; classtype:trojan-activity;sid:83671547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808431/; classtype:trojan-activity;sid:83671531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808434/; classtype:trojan-activity;sid:83671534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808442/; classtype:trojan-activity;sid:83671542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808443/; classtype:trojan-activity;sid:83671543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808444/; classtype:trojan-activity;sid:83671544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.127.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808422/; classtype:trojan-activity;sid:83671522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808423/; classtype:trojan-activity;sid:83671523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808425/; classtype:trojan-activity;sid:83671525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.212.237.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808426/; classtype:trojan-activity;sid:83671526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808427/; classtype:trojan-activity;sid:83671527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808429/; classtype:trojan-activity;sid:83671529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.209.255.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808413/; classtype:trojan-activity;sid:83671513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808417/; classtype:trojan-activity;sid:83671517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808420/; classtype:trojan-activity;sid:83671520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.150.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808411/; classtype:trojan-activity;sid:83671511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808408/; classtype:trojan-activity;sid:83671508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.59.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808405/; classtype:trojan-activity;sid:83671505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.195.100.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808400/; classtype:trojan-activity;sid:83671500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.91.96.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808403/; classtype:trojan-activity;sid:83671503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.100.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808392/; classtype:trojan-activity;sid:83671492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.150.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808394/; classtype:trojan-activity;sid:83671494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808396/; classtype:trojan-activity;sid:83671496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808376/; classtype:trojan-activity;sid:83671476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.72.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808377/; classtype:trojan-activity;sid:83671477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808380/; classtype:trojan-activity;sid:83671480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808383/; classtype:trojan-activity;sid:83671483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.192.201.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808384/; classtype:trojan-activity;sid:83671484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808388/; classtype:trojan-activity;sid:83671488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808369/; classtype:trojan-activity;sid:83671469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.136.83.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808360/; classtype:trojan-activity;sid:83671460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808307)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808307/; classtype:trojan-activity;sid:83671407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808289)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808289/; classtype:trojan-activity;sid:83671389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808271)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808271/; classtype:trojan-activity;sid:83671371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808266)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.38.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808266/; classtype:trojan-activity;sid:83671366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808233/; classtype:trojan-activity;sid:83671333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808240/; classtype:trojan-activity;sid:83671340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808245/; classtype:trojan-activity;sid:83671345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808246)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808246/; classtype:trojan-activity;sid:83671346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808219)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808219/; classtype:trojan-activity;sid:83671319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808221/; classtype:trojan-activity;sid:83671321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808199/; classtype:trojan-activity;sid:83671299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808176/; classtype:trojan-activity;sid:83671276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808178/; classtype:trojan-activity;sid:83671278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808180/; classtype:trojan-activity;sid:83671280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808181/; classtype:trojan-activity;sid:83671281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.38.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808171/; classtype:trojan-activity;sid:83671271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807300)"; flow:established,from_client; content:"GET"; http_method; content:"/http.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807300/; classtype:trojan-activity;sid:83670400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.231.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806884/; classtype:trojan-activity;sid:83669984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806527)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"138.36.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806527/; classtype:trojan-activity;sid:83669627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806342)"; flow:established,from_client; content:"GET"; http_method; content:"/wavelength54/topu/downloads/was.ps1"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806342/; classtype:trojan-activity;sid:83669442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; content:"GET"; http_method; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"distro.ibiblio.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803517)"; flow:established,from_client; content:"GET"; http_method; content:"/printspoofer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803517/; classtype:trojan-activity;sid:83666617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801750)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dc4iab_hlm_nomzlujetqj0bazv82w9u"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801750/; classtype:trojan-activity;sid:83664850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801063)"; flow:established,from_client; content:"GET"; http_method; content:"/pidoras883/-/releases/download/huesos/ijerkoff.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2801063/; classtype:trojan-activity;sid:83664163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800910)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1psjfkavxoi-3yv-87eskdpuwzjd5jomd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800910/; classtype:trojan-activity;sid:83664010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800895)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1i33affjfkkztyuz_nusrz4jqs45gwzjs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800895/; classtype:trojan-activity;sid:83663995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800893)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pssupirwdhnwaztrwz6_7dw9r4h_zau9"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800893/; classtype:trojan-activity;sid:83663993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800582)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.64.200.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800582/; classtype:trojan-activity;sid:83663682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b3zgfh-ofoq4nkifk7j0manbu5aqvhet"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799349/; classtype:trojan-activity;sid:83662449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799230)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oe1ixppk9tdxfmairsjhsacdgh2litag"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799230/; classtype:trojan-activity;sid:83662330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799205)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dh3my7h6mtgih5btwmhre7gu6wkxw4ny"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799205/; classtype:trojan-activity;sid:83662305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799188)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1osqxhd1ncdyo-hhavradwbm9_itb2p49"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799188/; classtype:trojan-activity;sid:83662288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798785)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798785/; classtype:trojan-activity;sid:83661885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798784)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798784/; classtype:trojan-activity;sid:83661884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798232)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_gv_k0ynz9_n6h6n7bvistk9oi2njezj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798232/; classtype:trojan-activity;sid:83661332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795504)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/letmatros.snp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795504/; classtype:trojan-activity;sid:83658604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795467)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/oy8858iq8qolsts57wfbt/cheatrun.zip|3f|rlkey=dfm1xos8di7odkk5j9krzlo02|7c|26|7c|dl=0"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795467/; classtype:trojan-activity;sid:83658567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.66.18.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795397/; classtype:trojan-activity;sid:83658497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795037)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=171-yky-j89krighojrmmetm69vbmd5m4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795037/; classtype:trojan-activity;sid:83658137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.66.18.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794950/; classtype:trojan-activity;sid:83658050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794625)"; flow:established,from_client; content:"GET"; http_method; content:"/static/pt.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"telegram.ninja"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794625/; classtype:trojan-activity;sid:83657725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794611)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1l-zoyasmfcwfa655dud7ekudjq3ywquk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794611/; classtype:trojan-activity;sid:83657711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794606)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1smjsns4djerxm11i8rx6ldttpsynidio"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794606/; classtype:trojan-activity;sid:83657706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794563)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzj6rbkjyyfcvpddyaduabxfay7w4_9w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794563/; classtype:trojan-activity;sid:83657663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793641)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t36pjqs33b0q_k78zbmxjrlbrzkssrbu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793641/; classtype:trojan-activity;sid:83656741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793611)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1x6cd0z6l79ciefoo627uiws_6yscm_xn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793611/; classtype:trojan-activity;sid:83656711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.105.159.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792751/; classtype:trojan-activity;sid:83655851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792395)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/kioway.smi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792395/; classtype:trojan-activity;sid:83655495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792394)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/wlbkszoxpvyovh65.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792394/; classtype:trojan-activity;sid:83655494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792375)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p5myromjprou5-vehst_hpzb7pbwagjw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792375/; classtype:trojan-activity;sid:83655475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790529)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v3jbapne_tx5mxdrzl6653nhp0vavggc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790529/; classtype:trojan-activity;sid:83653629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790532)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rvq8pgkasyh7eicu7wn2_qp6isv2y2wf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790532/; classtype:trojan-activity;sid:83653632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790513)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m1lfr5wjwb9drg6ei-ycwhailqyfrwni"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790513/; classtype:trojan-activity;sid:83653613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790512)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1xoop133uf_qyhg-61tr5l1domkwkn0j5|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790512/; classtype:trojan-activity;sid:83653612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790510)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18x-_ydaarhwgayekdpgl9e53aixtkfp-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790510/; classtype:trojan-activity;sid:83653610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790507)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1q5cjdgzphbzwuklpcb-lvnv88rrbfve_|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790507/; classtype:trojan-activity;sid:83653607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789957)"; flow:established,from_client; content:"GET"; http_method; content:"/gretmeet/nbc938sdu42/raw/main/test.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789957/; classtype:trojan-activity;sid:83653057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789955)"; flow:established,from_client; content:"GET"; http_method; content:"/incoper887/tua/raw/main/build.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789955/; classtype:trojan-activity;sid:83653055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789734)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ugl_xjshxerwwbal1fatflznekorqco5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789734/; classtype:trojan-activity;sid:83652834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788866)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.55.111.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788866/; classtype:trojan-activity;sid:83651966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788863)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.74.12.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788863/; classtype:trojan-activity;sid:83651963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787027)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.205.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787027/; classtype:trojan-activity;sid:83650127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787026)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.223.90.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787026/; classtype:trojan-activity;sid:83650126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.113.35.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786866)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1udpahhkabfdjz32b558xh_lwxs0snowc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786866/; classtype:trojan-activity;sid:83649966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786838/; classtype:trojan-activity;sid:83649938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786672)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.96.147.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786672/; classtype:trojan-activity;sid:83649772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786665)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.44.203.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786665/; classtype:trojan-activity;sid:83649765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786660)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.43.116.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786660/; classtype:trojan-activity;sid:83649760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786649)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.42.168.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786649/; classtype:trojan-activity;sid:83649749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786332)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786332/; classtype:trojan-activity;sid:83649432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786333)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786333/; classtype:trojan-activity;sid:83649433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786326)"; flow:established,from_client; content:"GET"; http_method; content:"/jndi-injection-exploit-1.0-snapshot-all.jar"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"47.97.18.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786326/; classtype:trojan-activity;sid:83649426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786325)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.java"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.97.18.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786325/; classtype:trojan-activity;sid:83649425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786322)"; flow:established,from_client; content:"GET"; http_method; content:"/jndi_injection_exploit%20.py"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"47.97.18.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786322/; classtype:trojan-activity;sid:83649422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786323)"; flow:established,from_client; content:"GET"; http_method; content:"/jndi_marshalsec.py"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.97.18.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786323/; classtype:trojan-activity;sid:83649423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785751)"; flow:established,from_client; content:"GET"; http_method; content:"/wtk/ckeditor/skins/.s/strscan.tgz"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"62.21.103.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785751/; classtype:trojan-activity;sid:83648851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.113.68.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785441/; classtype:trojan-activity;sid:83648541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785235)"; flow:established,from_client; content:"GET"; http_method; content:"/ransomware.wannacry_plus.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785235/; classtype:trojan-activity;sid:83648335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2784476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_16; reference:url, urlhaus.abuse.ch/url/2784476/; classtype:trojan-activity;sid:83647576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2783294)"; flow:established,from_client; content:"GET"; http_method; content:"/d/test"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_15; reference:url, urlhaus.abuse.ch/url/2783294/; classtype:trojan-activity;sid:83646394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782286)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1cbzrekgr3qfqlniab3cpysqnzafff|3f|content_disposition=attachment|7c|3b|7c|filename=%22upload_20240311-130634.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"public.adobecc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782286/; classtype:trojan-activity;sid:83645386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"oys0ro.static.otenet.gr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777942)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777942/; classtype:trojan-activity;sid:83641042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777824)"; flow:established,from_client; content:"GET"; http_method; content:"/m.py"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777824/; classtype:trojan-activity;sid:83640924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777823)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777823/; classtype:trojan-activity;sid:83640923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777822)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777822/; classtype:trojan-activity;sid:83640922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777441)"; flow:established,from_client; content:"GET"; http_method; content:"/greenpackage.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bitkiselurunsiparis.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777441/; classtype:trojan-activity;sid:83640541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776125)"; flow:established,from_client; content:"GET"; http_method; content:"/junlionserto/dfgdbfgndbdsfbhry/raw/main/momsstiflersdgjboigfnbio.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776125/; classtype:trojan-activity;sid:83639225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776124)"; flow:established,from_client; content:"GET"; http_method; content:"/junlionserto/dfbhdfioughfdsiu/raw/main/poolsdnkjfdbndklsnfgb.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776124/; classtype:trojan-activity;sid:83639224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776111)"; flow:established,from_client; content:"GET"; http_method; content:"/update/cheat.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776111/; classtype:trojan-activity;sid:83639211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776110)"; flow:established,from_client; content:"GET"; http_method; content:"/update/main.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776110/; classtype:trojan-activity;sid:83639210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776109)"; flow:established,from_client; content:"GET"; http_method; content:"/update/zverify.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776109/; classtype:trojan-activity;sid:83639209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776108)"; flow:established,from_client; content:"GET"; http_method; content:"/update/mhpverify.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776108/; classtype:trojan-activity;sid:83639208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776051)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776051/; classtype:trojan-activity;sid:83639151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776052)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776052/; classtype:trojan-activity;sid:83639152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776053)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776053/; classtype:trojan-activity;sid:83639153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776054)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776054/; classtype:trojan-activity;sid:83639154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776055)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776055/; classtype:trojan-activity;sid:83639155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776060)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776060/; classtype:trojan-activity;sid:83639160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776044)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776044/; classtype:trojan-activity;sid:83639144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776045)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776045/; classtype:trojan-activity;sid:83639145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776046)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776046/; classtype:trojan-activity;sid:83639146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776049)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776049/; classtype:trojan-activity;sid:83639149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776050)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776050/; classtype:trojan-activity;sid:83639150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776042)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776042/; classtype:trojan-activity;sid:83639142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775569)"; flow:established,from_client; content:"GET"; http_method; content:"/fwefwe324234234rgeffwehtrwyrhtrhtqwfqwd31443wefefwwfer3232fewwefwefwefqgrqwtherergqefwefqweqfwqf32fefwsda/uploads/lum"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"licocojambamarketplace.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775569/; classtype:trojan-activity;sid:83638669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_01; reference:url, urlhaus.abuse.ch/url/2773685/; classtype:trojan-activity;sid:83636785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.127.92.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_01; reference:url, urlhaus.abuse.ch/url/2773332/; classtype:trojan-activity;sid:83636432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/met111.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772612/; classtype:trojan-activity;sid:83635712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772590/; classtype:trojan-activity;sid:83635690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.42.55.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769196/; classtype:trojan-activity;sid:83632296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769198/; classtype:trojan-activity;sid:83632298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769199/; classtype:trojan-activity;sid:83632299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.153.218.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769186/; classtype:trojan-activity;sid:83632286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769165/; classtype:trojan-activity;sid:83632265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.132.139.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769166/; classtype:trojan-activity;sid:83632266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.183.54.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769162/; classtype:trojan-activity;sid:83632262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765918)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.64.128.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765918/; classtype:trojan-activity;sid:83629018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765915)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.64.128.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765915/; classtype:trojan-activity;sid:83629015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764586)"; flow:established,from_client; content:"GET"; http_method; content:"/jailtonoliveira301018/working/raw/main/visualizador.msi"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764586/; classtype:trojan-activity;sid:83627686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.82.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764518/; classtype:trojan-activity;sid:83627618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764488/; classtype:trojan-activity;sid:83627588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2760208)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr2kutygbqp_loxqdocuzvjalp19zpp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2760208/; classtype:trojan-activity;sid:83623308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759466)"; flow:established,from_client; content:"GET"; http_method; content:"/ikun10.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.219.229.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_11; reference:url, urlhaus.abuse.ch/url/2759466/; classtype:trojan-activity;sid:83622566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759467)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_x64.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.219.229.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_11; reference:url, urlhaus.abuse.ch/url/2759467/; classtype:trojan-activity;sid:83622567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759465)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_x64.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.219.229.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_11; reference:url, urlhaus.abuse.ch/url/2759465/; classtype:trojan-activity;sid:83622565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758716)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xs8pro01qbtxyw-svqnnkvejhdsdmydt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758716/; classtype:trojan-activity;sid:83621816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758306)"; flow:established,from_client; content:"GET"; http_method; content:"/sobaka212/n/releases/download/rr/dcratbuild.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758306/; classtype:trojan-activity;sid:83621406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758301)"; flow:established,from_client; content:"GET"; http_method; content:"/sobaka212/n/releases/download/rr/ce0b953269c74bc.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758301/; classtype:trojan-activity;sid:83621401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; content:"GET"; http_method; content:"/mobileanjian.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.6.5.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.231.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_06; reference:url, urlhaus.abuse.ch/url/2757722/; classtype:trojan-activity;sid:83620822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.231.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757163/; classtype:trojan-activity;sid:83620263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.231.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757155/; classtype:trojan-activity;sid:83620255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2755280)"; flow:established,from_client; content:"GET"; http_method; content:"/den4ikyt/spoofer/raw/main/hwid%20spoofer.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_02; reference:url, urlhaus.abuse.ch/url/2755280/; classtype:trojan-activity;sid:83618380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754749)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uqg1nqa_xwers1_ysieimfiz-pnax2qw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754749/; classtype:trojan-activity;sid:83617849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754083)"; flow:established,from_client; content:"GET"; http_method; content:"/hackwardev/globalnet/raw/main/files/pc/user%20oobe%20broker.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754083/; classtype:trojan-activity;sid:83617183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754082)"; flow:established,from_client; content:"GET"; http_method; content:"/hackwardev/globalnet/raw/main/files/pc/presentationfontcache.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754082/; classtype:trojan-activity;sid:83617182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754081)"; flow:established,from_client; content:"GET"; http_method; content:"/hackwardev/globalnet/raw/main/files/pc/igfxcuiservice%20module.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754081/; classtype:trojan-activity;sid:83617181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752947)"; flow:established,from_client; content:"GET"; http_method; content:"/app/view/ta.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.26.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2752947/; classtype:trojan-activity;sid:83616047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752721/; classtype:trojan-activity;sid:83615821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752434)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/build6_unencrypted.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752434/; classtype:trojan-activity;sid:83615534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752294)"; flow:established,from_client; content:"GET"; http_method; content:"/neverhodeqqp/dskas77/raw/main/dsdasda.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_27; reference:url, urlhaus.abuse.ch/url/2752294/; classtype:trojan-activity;sid:83615394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751248)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gzckgqlufkfpmlzsd4dlrp8-nrdeju1w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751248/; classtype:trojan-activity;sid:83614348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750554)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/first.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_22; reference:url, urlhaus.abuse.ch/url/2750554/; classtype:trojan-activity;sid:83613654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749981)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/windows.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749981/; classtype:trojan-activity;sid:83613081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749973)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/eszop.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749973/; classtype:trojan-activity;sid:83613073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749975)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/wefhrf.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749975/; classtype:trojan-activity;sid:83613075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749345)"; flow:established,from_client; content:"GET"; http_method; content:"/adobe_acrobat_installer.7z"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pub-97694a1358de4edbb16efd939f516a29.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749345/; classtype:trojan-activity;sid:83612445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749076)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1veoquekmvfj3rhpvfogdclmsu31vpjuz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2749076/; classtype:trojan-activity;sid:83612176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749054)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lrviuk1wka4di3qh7ach-b7m1ics2hbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2749054/; classtype:trojan-activity;sid:83612154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748820)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748820/; classtype:trojan-activity;sid:83611920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748808)"; flow:established,from_client; content:"GET"; http_method; content:"/kseniakucherksenia/.github.io/raw/main/cayv0deo9jst417.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748808/; classtype:trojan-activity;sid:83611908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748809)"; flow:established,from_client; content:"GET"; http_method; content:"/kseniakucherksenia/.github.io/main/cayv0deo9jst417.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748809/; classtype:trojan-activity;sid:83611909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rqhgsr779gyzvi15p-bmkx8txq4bj-yi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748350/; classtype:trojan-activity;sid:83611450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747826)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u-vaalebjnomuhbyimsdjqctjqfyiwna"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747826/; classtype:trojan-activity;sid:83610926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747824)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ff79_1umnp7iyibpg169gupnkiz0zfr_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747824/; classtype:trojan-activity;sid:83610924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747088)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.165.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_07; reference:url, urlhaus.abuse.ch/url/2747088/; classtype:trojan-activity;sid:83610188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_06; reference:url, urlhaus.abuse.ch/url/2746783/; classtype:trojan-activity;sid:83609883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_03; reference:url, urlhaus.abuse.ch/url/2746190/; classtype:trojan-activity;sid:83609290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744516)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_26; reference:url, urlhaus.abuse.ch/url/2744516/; classtype:trojan-activity;sid:83607616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.91.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_25; reference:url, urlhaus.abuse.ch/url/2744370/; classtype:trojan-activity;sid:83607470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744000)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_24; reference:url, urlhaus.abuse.ch/url/2744000/; classtype:trojan-activity;sid:83607100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743125)"; flow:established,from_client; content:"GET"; http_method; content:"/it-alert-2023/update/downloads/sns_24.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_21; reference:url, urlhaus.abuse.ch/url/2743125/; classtype:trojan-activity;sid:83606225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2741199)"; flow:established,from_client; content:"GET"; http_method; content:"/testing77777/appdevlompent55555555/downloads/v2.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_15; reference:url, urlhaus.abuse.ch/url/2741199/; classtype:trojan-activity;sid:83604299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2741198)"; flow:established,from_client; content:"GET"; http_method; content:"/testing77777/appdevlompent55555555/downloads/m5traider.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_15; reference:url, urlhaus.abuse.ch/url/2741198/; classtype:trojan-activity;sid:83604298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740641)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.85.48.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_12_15; reference:url, urlhaus.abuse.ch/url/2740641/; classtype:trojan-activity;sid:83603741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740068)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.91.182.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740068/; classtype:trojan-activity;sid:83603168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739307)"; flow:established,from_client; content:"GET"; http_method; content:"/bodywawe/downwawe/downloads/fort.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_10; reference:url, urlhaus.abuse.ch/url/2739307/; classtype:trojan-activity;sid:83602407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738412)"; flow:established,from_client; content:"GET"; http_method; content:"/kyango01/steam/raw/main/soft.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_12_07; reference:url, urlhaus.abuse.ch/url/2738412/; classtype:trojan-activity;sid:83601512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737035)"; flow:established,from_client; content:"GET"; http_method; content:"/o1lov/repo1lov/downloads/kidi.rar"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737035/; classtype:trojan-activity;sid:83600135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737036)"; flow:established,from_client; content:"GET"; http_method; content:"/download-hack/download/downloads/kiddions_menu.rar"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737036/; classtype:trojan-activity;sid:83600136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736560)"; flow:established,from_client; content:"GET"; http_method; content:"/tautata-hacks/download/downloads/kiddions_menu.rar"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_01; reference:url, urlhaus.abuse.ch/url/2736560/; classtype:trojan-activity;sid:83599660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736424)"; flow:established,from_client; content:"GET"; http_method; content:"/georgy1ss1s/geoasdfasdf/downloads/fortnite_hack.rar"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_30; reference:url, urlhaus.abuse.ch/url/2736424/; classtype:trojan-activity;sid:83599524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735895)"; flow:established,from_client; content:"GET"; http_method; content:"/inseller31/loverskit1/downloads/fort.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_28; reference:url, urlhaus.abuse.ch/url/2735895/; classtype:trojan-activity;sid:83598995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735896)"; flow:established,from_client; content:"GET"; http_method; content:"/tautara-dwnl/download/downloads/kiddions_menu.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_28; reference:url, urlhaus.abuse.ch/url/2735896/; classtype:trojan-activity;sid:83598996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735584)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1qvag-koyy2l8h5lwvaeaw35hnuwbm3xo"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_27; reference:url, urlhaus.abuse.ch/url/2735584/; classtype:trojan-activity;sid:83598684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735400)"; flow:established,from_client; content:"GET"; http_method; content:"/chdyz/chdyz.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.110.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735400/; classtype:trojan-activity;sid:83598500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735399)"; flow:established,from_client; content:"GET"; http_method; content:"/chdyz/chdyz.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.110.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735399/; classtype:trojan-activity;sid:83598499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735077)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/store.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.globallaborsupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2735077/; classtype:trojan-activity;sid:83598177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734988)"; flow:established,from_client; content:"GET"; http_method; content:"/lti_ruby/av/development/insertionsortpro.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"lti.cs.vt.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734988/; classtype:trojan-activity;sid:83598088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734983)"; flow:established,from_client; content:"GET"; http_method; content:"/wei"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.68.196.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734983/; classtype:trojan-activity;sid:83598083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/bin/nobody/clean.it"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xiangshunjy.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734870)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=17bsqdb9hpmi35bdhkfrcxc41lgj02zd3|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2734870/; classtype:trojan-activity;sid:83597970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_22; reference:url, urlhaus.abuse.ch/url/2733662/; classtype:trojan-activity;sid:83596762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731319)"; flow:established,from_client; content:"GET"; http_method; content:"/georgy1ss1s/geoasdfasdf/downloads/kiddions_mod_menu.rar"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731319/; classtype:trojan-activity;sid:83594419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.136.83.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731262/; classtype:trojan-activity;sid:83594362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729116)"; flow:established,from_client; content:"GET"; http_method; content:"/oto"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sos.vivi.sg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729116/; classtype:trojan-activity;sid:83592216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729115)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sos.vivi.sg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729115/; classtype:trojan-activity;sid:83592215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728916)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jmvlc342a-9khhwqofk1aticown34bxe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_08; reference:url, urlhaus.abuse.ch/url/2728916/; classtype:trojan-activity;sid:83592016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726929)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1r8ha5a1gtjvb-3-1be7hpndhbv5yyonu|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726929/; classtype:trojan-activity;sid:83590029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726927)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1txdqckk-lg72vbxwzaisonda3smn8tg8|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726927/; classtype:trojan-activity;sid:83590027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726917)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1heka7sgmbcessdhxtvmfwxownz7sipbb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726917/; classtype:trojan-activity;sid:83590017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726789)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zte2ty_wldnnepgomzi6zqqad7moc4kk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726789/; classtype:trojan-activity;sid:83589889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726774)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cz1lqyxis4wvr7nlc71ukekxyhj5xu-l"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726774/; classtype:trojan-activity;sid:83589874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726693)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1apbgg8cyhbx3l2qaezfjnk9krbmumfbf|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726693/; classtype:trojan-activity;sid:83589793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726576)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.15.176.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726576/; classtype:trojan-activity;sid:83589676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2725971)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctnmusyjuqkrxgvd6uph5ttb4-sb1zxr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2725971/; classtype:trojan-activity;sid:83589071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724594)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.91.96.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_24; reference:url, urlhaus.abuse.ch/url/2724594/; classtype:trojan-activity;sid:83587694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2724547/; classtype:trojan-activity;sid:83587647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2723186)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nx37rcyoclifch3waaddhuzclyj4ouue"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2723186/; classtype:trojan-activity;sid:83586286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2721818)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.181.0.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_18; reference:url, urlhaus.abuse.ch/url/2721818/; classtype:trojan-activity;sid:83584918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720834)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/chromium/launcherchromium.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hwthurmann.de"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720834/; classtype:trojan-activity;sid:83583934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720676)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720676/; classtype:trojan-activity;sid:83583776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720427)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_14; reference:url, urlhaus.abuse.ch/url/2720427/; classtype:trojan-activity;sid:83583527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719281)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jxxc4l7icdzs0zx0iz7hayfglrujm8ro"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_11; reference:url, urlhaus.abuse.ch/url/2719281/; classtype:trojan-activity;sid:83582381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719171)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1gwsdcu5mxxo0oq3kiaerlwqqcpxbg74p|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_11; reference:url, urlhaus.abuse.ch/url/2719171/; classtype:trojan-activity;sid:83582271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717655)"; flow:established,from_client; content:"GET"; http_method; content:"/tautaracheats-dwnld/tautaracheats/downloads/fortnite_cheat.rar"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717655/; classtype:trojan-activity;sid:83580755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717652)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1nmo38gwdllgzyd-hnhpvh9gq81wetj3x|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717652/; classtype:trojan-activity;sid:83580752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717636)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.126.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717636/; classtype:trojan-activity;sid:83580736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717631)"; flow:established,from_client; content:"GET"; http_method; content:"/112s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717631/; classtype:trojan-activity;sid:83580731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715888)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12zhu5cy9mntlhoz9fq7v9q_-xi-iozmj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_02; reference:url, urlhaus.abuse.ch/url/2715888/; classtype:trojan-activity;sid:83578988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715548)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1-5tfbyc52tepabxjdszg1dcqgaizf0m6"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715548/; classtype:trojan-activity;sid:83578648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714956)"; flow:established,from_client; content:"GET"; http_method; content:"/112"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714956/; classtype:trojan-activity;sid:83578056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713178/; classtype:trojan-activity;sid:83576278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713150)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713150/; classtype:trojan-activity;sid:83576250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712695)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1re8ewllfl3pjf1m1ywjwjwbitzqqmhjs|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_20; reference:url, urlhaus.abuse.ch/url/2712695/; classtype:trojan-activity;sid:83575795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712484)"; flow:established,from_client; content:"GET"; http_method; content:"/test/test.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pouya.blob.core.windows.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_19; reference:url, urlhaus.abuse.ch/url/2712484/; classtype:trojan-activity;sid:83575584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.126.203.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_18; reference:url, urlhaus.abuse.ch/url/2712386/; classtype:trojan-activity;sid:83575486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708293)"; flow:established,from_client; content:"GET"; http_method; content:"/!api/2.0/snippets/mounmeinlylo/6qaezk/68ca2fb6aac2a81f027f3153f0d611c70af8c116/files/file"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_30; reference:url, urlhaus.abuse.ch/url/2708293/; classtype:trojan-activity;sid:83571393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708266)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ekcinmskddduir6reyjrjyzvcyw-1idj|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_30; reference:url, urlhaus.abuse.ch/url/2708266/; classtype:trojan-activity;sid:83571366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2707384)"; flow:established,from_client; content:"GET"; http_method; content:"/!api/2.0/snippets/mounmeinlylo/6qano5/2aa998bdd45ea12f5552d98e8e28825a5a95cc86/files/file"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_26; reference:url, urlhaus.abuse.ch/url/2707384/; classtype:trojan-activity;sid:83570484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2706939)"; flow:established,from_client; content:"GET"; http_method; content:"/!api/2.0/snippets/mounmeinlylo/bqaeer/5b924a1aa7fee2cb51377a9085ed3793f6a749a7/files/file"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_25; reference:url, urlhaus.abuse.ch/url/2706939/; classtype:trojan-activity;sid:83570039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705989)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_21; reference:url, urlhaus.abuse.ch/url/2705989/; classtype:trojan-activity;sid:83569089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705628)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_20; reference:url, urlhaus.abuse.ch/url/2705628/; classtype:trojan-activity;sid:83568728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704162/; classtype:trojan-activity;sid:83567262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2703942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.126.203.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_11; reference:url, urlhaus.abuse.ch/url/2703942/; classtype:trojan-activity;sid:83567042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2703301)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentytwenty/html.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"fetchdesignprint.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_08_09; reference:url, urlhaus.abuse.ch/url/2703301/; classtype:trojan-activity;sid:83566401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2699237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_05; reference:url, urlhaus.abuse.ch/url/2699237/; classtype:trojan-activity;sid:83562337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2698183)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"y.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_04; reference:url, urlhaus.abuse.ch/url/2698183/; classtype:trojan-activity;sid:83561283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2698184)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"z.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_04; reference:url, urlhaus.abuse.ch/url/2698184/; classtype:trojan-activity;sid:83561284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2689489)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jvqaqhw3wrdy09sf69rsggxmk_jl7lz5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_25; reference:url, urlhaus.abuse.ch/url/2689489/; classtype:trojan-activity;sid:83552589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2688262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_23; reference:url, urlhaus.abuse.ch/url/2688262/; classtype:trojan-activity;sid:83551362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687872)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"resourceedge.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687872/; classtype:trojan-activity;sid:83550972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.153.218.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_21; reference:url, urlhaus.abuse.ch/url/2687083/; classtype:trojan-activity;sid:83550183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2685030)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1kavuowl0c1mms_vtxozw-cwq7hwto0el|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2685030/; classtype:trojan-activity;sid:83548130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2684828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2684828/; classtype:trojan-activity;sid:83547928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2682047)"; flow:established,from_client; content:"GET"; http_method; content:"/yfrfklulpjtnvv25.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"diclegrup.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_13; reference:url, urlhaus.abuse.ch/url/2682047/; classtype:trojan-activity;sid:83545147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678477/; classtype:trojan-activity;sid:83541577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677397)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"193.142.147.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_06; reference:url, urlhaus.abuse.ch/url/2677397/; classtype:trojan-activity;sid:83540497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677394)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"193.142.147.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_06; reference:url, urlhaus.abuse.ch/url/2677394/; classtype:trojan-activity;sid:83540494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677395)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"193.142.147.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_06; reference:url, urlhaus.abuse.ch/url/2677395/; classtype:trojan-activity;sid:83540495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677396)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"193.142.147.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_06; reference:url, urlhaus.abuse.ch/url/2677396/; classtype:trojan-activity;sid:83540496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677393)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"193.142.147.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_06; reference:url, urlhaus.abuse.ch/url/2677393/; classtype:trojan-activity;sid:83540493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677391)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"193.142.147.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_06; reference:url, urlhaus.abuse.ch/url/2677391/; classtype:trojan-activity;sid:83540491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677392)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"193.142.147.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_06; reference:url, urlhaus.abuse.ch/url/2677392/; classtype:trojan-activity;sid:83540492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677015)"; flow:established,from_client; content:"GET"; http_method; content:"/workker300066/partners/downloads/project_8.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2677015/; classtype:trojan-activity;sid:83540115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676880)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/qmydsnl.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676880/; classtype:trojan-activity;sid:83539980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676879)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/apctntoca.bmp"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676879/; classtype:trojan-activity;sid:83539979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675825)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uh8squz6doag3ywzn7rpx0k5jfze9r6d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_03; reference:url, urlhaus.abuse.ch/url/2675825/; classtype:trojan-activity;sid:83538925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2674155)"; flow:established,from_client; content:"GET"; http_method; content:"/samesaaa/123/downloads/tjeajweeeh.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_30; reference:url, urlhaus.abuse.ch/url/2674155/; classtype:trojan-activity;sid:83537255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2672273)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1vi2wqh_zcpd3b6thl70mdflfywpajesa|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_26; reference:url, urlhaus.abuse.ch/url/2672273/; classtype:trojan-activity;sid:83535373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2668530)"; flow:established,from_client; content:"GET"; http_method; content:"/frozenthrone1337/yeah/downloads/64.dll"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_21; reference:url, urlhaus.abuse.ch/url/2668530/; classtype:trojan-activity;sid:83531630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2662089)"; flow:established,from_client; content:"GET"; http_method; content:"/worldofsoft1/soft/downloads/soft.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2662089/; classtype:trojan-activity;sid:83525189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2662056)"; flow:established,from_client; content:"GET"; http_method; content:"/_framework/abc.client.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pagamento.afya.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2662056/; classtype:trojan-activity;sid:83525156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661553)"; flow:established,from_client; content:"GET"; http_method; content:"/apilogic2023/api/downloads/password_2022_installer.rar"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661553/; classtype:trojan-activity;sid:83524653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2658185)"; flow:established,from_client; content:"GET"; http_method; content:"/contore/update/downloads/password_2022_installer.rar"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_12; reference:url, urlhaus.abuse.ch/url/2658185/; classtype:trojan-activity;sid:83521285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2640781)"; flow:established,from_client; content:"GET"; http_method; content:"/public/f1.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"servisaludocupacional.pe"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_05_25; reference:url, urlhaus.abuse.ch/url/2640781/; classtype:trojan-activity;sid:83503881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2640280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.14.183.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_24; reference:url, urlhaus.abuse.ch/url/2640280/; classtype:trojan-activity;sid:83503380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2637944)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_05_21; reference:url, urlhaus.abuse.ch/url/2637944/; classtype:trojan-activity;sid:83501044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2636860)"; flow:established,from_client; content:"GET"; http_method; content:"/fdfffdfdd/sasa/downloads/crypted.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_19; reference:url, urlhaus.abuse.ch/url/2636860/; classtype:trojan-activity;sid:83499960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632406)"; flow:established,from_client; content:"GET"; http_method; content:"/myworkescxz/meyca/downloads/soft.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632406/; classtype:trojan-activity;sid:83495506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2629977)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=t|7c|26|7c|id=145b1fbjtyee3w1rjsazo7hzcoiiaxzum|7c|26|7c|uuid=eb581596-9566-4a21-b3b6-e6909eb42ff6|7c|26|7c|at=akkf8vzrltviqrn7wljfjcwisgcc:1683793107077"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_05_11; reference:url, urlhaus.abuse.ch/url/2629977/; classtype:trojan-activity;sid:83493077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2621766)"; flow:established,from_client; content:"GET"; http_method; content:"/jwgo-software/software_good/downloads/svcpjuhbt.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_01; reference:url, urlhaus.abuse.ch/url/2621766/; classtype:trojan-activity;sid:83484866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2618340)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_26; reference:url, urlhaus.abuse.ch/url/2618340/; classtype:trojan-activity;sid:83481440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615901)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_22; reference:url, urlhaus.abuse.ch/url/2615901/; classtype:trojan-activity;sid:83479001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615316/; classtype:trojan-activity;sid:83478416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615296)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.195.141.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615296/; classtype:trojan-activity;sid:83478396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615283/; classtype:trojan-activity;sid:83478383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615280/; classtype:trojan-activity;sid:83478380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.210.197.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615268/; classtype:trojan-activity;sid:83478368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615266)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.166.220.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615266/; classtype:trojan-activity;sid:83478366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615262/; classtype:trojan-activity;sid:83478362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615260/; classtype:trojan-activity;sid:83478360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615259/; classtype:trojan-activity;sid:83478359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615258/; classtype:trojan-activity;sid:83478358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.235.189.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615245/; classtype:trojan-activity;sid:83478345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2612791)"; flow:established,from_client; content:"GET"; http_method; content:"/foxxlrep/repo/downloads/za.xlsx"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_18; reference:url, urlhaus.abuse.ch/url/2612791/; classtype:trojan-activity;sid:83475891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2612792)"; flow:established,from_client; content:"GET"; http_method; content:"/foxxlrep/repo/downloads/zip.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_18; reference:url, urlhaus.abuse.ch/url/2612792/; classtype:trojan-activity;sid:83475892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2612790)"; flow:established,from_client; content:"GET"; http_method; content:"/foxxlrep/repo/downloads/newf.dotm"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_18; reference:url, urlhaus.abuse.ch/url/2612790/; classtype:trojan-activity;sid:83475890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2604132)"; flow:established,from_client; content:"GET"; http_method; content:"/rpvpov0nqt/rpvpov0nqt/downloads/fortnite_hack.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_10; reference:url, urlhaus.abuse.ch/url/2604132/; classtype:trojan-activity;sid:83467232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2604131)"; flow:established,from_client; content:"GET"; http_method; content:"/rpvpov0nqt/rpvpov0nqt/downloads/roblox_doors_src.rar"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_10; reference:url, urlhaus.abuse.ch/url/2604131/; classtype:trojan-activity;sid:83467231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2603691)"; flow:established,from_client; content:"GET"; http_method; content:"/rpvpov0nqt/rpvpov0nqt/downloads/new_kiddions.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_09; reference:url, urlhaus.abuse.ch/url/2603691/; classtype:trojan-activity;sid:83466791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2601085)"; flow:established,from_client; content:"GET"; http_method; content:"/softwarefiles/fulldownloadhere/downloads/main_setups_full_version.rar"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_07; reference:url, urlhaus.abuse.ch/url/2601085/; classtype:trojan-activity;sid:83464185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2598926)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/new_kiddions.rar"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_05; reference:url, urlhaus.abuse.ch/url/2598926/; classtype:trojan-activity;sid:83462026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2582583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.57.183.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_03_23; reference:url, urlhaus.abuse.ch/url/2582583/; classtype:trojan-activity;sid:83445683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2580812)"; flow:established,from_client; content:"GET"; http_method; content:"/download-aa/download_aaa/downloads/kiddions_mod_menu.rar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2580812/; classtype:trojan-activity;sid:83443912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2580185)"; flow:established,from_client; content:"GET"; http_method; content:"/forum/vjak1cx/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"techniguitare.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_03_21; reference:url, urlhaus.abuse.ch/url/2580185/; classtype:trojan-activity;sid:83443285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2577714)"; flow:established,from_client; content:"GET"; http_method; content:"/neironner/app/downloads/appwesoft.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_19; reference:url, urlhaus.abuse.ch/url/2577714/; classtype:trojan-activity;sid:83440814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568556)"; flow:established,from_client; content:"GET"; http_method; content:"/jhjhhjhjjhhj/regge/downloads/f%d0%bertnit%d0%b5_h%d0%a1.rar"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568556/; classtype:trojan-activity;sid:83431656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2567740)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/gtavnew/downloads/kiddions_menu.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_12; reference:url, urlhaus.abuse.ch/url/2567740/; classtype:trojan-activity;sid:83430840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2566099)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/warzone_2.0_unlock_tool_aim_esp/downloads/warzone_2.0_unlock_tool_aim_esp.rar"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_11; reference:url, urlhaus.abuse.ch/url/2566099/; classtype:trojan-activity;sid:83429199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2563159)"; flow:established,from_client; content:"GET"; http_method; content:"/u/1/uc|3f|id=1uq00qoghsvrdaayru6cjrd9pctx-dknv|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2563159/; classtype:trojan-activity;sid:83426259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2556466)"; flow:established,from_client; content:"GET"; http_method; content:"/zesoftwares/zesoft/downloads/zesoftapp.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_03; reference:url, urlhaus.abuse.ch/url/2556466/; classtype:trojan-activity;sid:83419566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2555659)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1prfxr7v6xwfvjnk9nlcnb5u0leqydzlg|7c|26|7c|export=download/|3f|q="; http_uri; depth:79; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2555659/; classtype:trojan-activity;sid:83418759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2554979)"; flow:established,from_client; content:"GET"; http_method; content:"/valentinomaseratti/symphitems/downloads/passw_items_applicationsetupfile14.1.rar"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2554979/; classtype:trojan-activity;sid:83418079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2554059)"; flow:established,from_client; content:"GET"; http_method; content:"/download-aa/download_aaa/downloads/fortnite_hack.rar"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_01; reference:url, urlhaus.abuse.ch/url/2554059/; classtype:trojan-activity;sid:83417159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2553981)"; flow:established,from_client; content:"GET"; http_method; content:"/shgz2/sghz3/downloads/fortnie_hack.rar"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_01; reference:url, urlhaus.abuse.ch/url/2553981/; classtype:trojan-activity;sid:83417081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2551753)"; flow:established,from_client; content:"GET"; http_method; content:"/easy-s0ft/easys0ft/downloads/fortnite_hack.rar"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_27; reference:url, urlhaus.abuse.ch/url/2551753/; classtype:trojan-activity;sid:83414853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540038)"; flow:established,from_client; content:"GET"; http_method; content:"/shgz2/sghz3/downloads/kiddions_mod_menu.rar"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540038/; classtype:trojan-activity;sid:83403138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530828)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_05; reference:url, urlhaus.abuse.ch/url/2530828/; classtype:trojan-activity;sid:83393928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2524967)"; flow:established,from_client; content:"GET"; http_method; content:"/neonbatsv4/neonbats2/downloads/neonbatsloader.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_01; reference:url, urlhaus.abuse.ch/url/2524967/; classtype:trojan-activity;sid:83388067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2524963)"; flow:established,from_client; content:"GET"; http_method; content:"/adobeofficial/adobeofficiall/downloads/setup_en_x64.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_01; reference:url, urlhaus.abuse.ch/url/2524963/; classtype:trojan-activity;sid:83388063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517803)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_25; reference:url, urlhaus.abuse.ch/url/2517803/; classtype:trojan-activity;sid:83380903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517462)"; flow:established,from_client; content:"GET"; http_method; content:"/kb824105-x86-enu.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"microsecurityupdate.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517462/; classtype:trojan-activity;sid:83380562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2504339)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/89wkr/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"coadymarine.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_01_11; reference:url, urlhaus.abuse.ch/url/2504339/; classtype:trojan-activity;sid:83367439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2496330)"; flow:established,from_client; content:"GET"; http_method; content:"/lucianoeasy1/whythefuckareutryingtotrackthishttpdebuggerlol/raw/67c59c70dfb800fa2bf21b3217e2485221c20428/fund.exe"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_01_04; reference:url, urlhaus.abuse.ch/url/2496330/; classtype:trojan-activity;sid:83359430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2466408)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_12_16; reference:url, urlhaus.abuse.ch/url/2466408/; classtype:trojan-activity;sid:83329508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2453522)"; flow:established,from_client; content:"GET"; http_method; content:"/wfwfwe2/2/downloads/softinstall.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_10; reference:url, urlhaus.abuse.ch/url/2453522/; classtype:trojan-activity;sid:83316622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2448650)"; flow:established,from_client; content:"GET"; http_method; content:"/x/3sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.106.167.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_12_06; reference:url, urlhaus.abuse.ch/url/2448650/; classtype:trojan-activity;sid:83311750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2448651)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.106.167.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_12_06; reference:url, urlhaus.abuse.ch/url/2448651/; classtype:trojan-activity;sid:83311751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2445055)"; flow:established,from_client; content:"GET"; http_method; content:"/112download/browser/downloads/onionbrowser.rar"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_05; reference:url, urlhaus.abuse.ch/url/2445055/; classtype:trojan-activity;sid:83308155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2444693)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/rust-aim-esp/downloads/rust_aimesp.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_05; reference:url, urlhaus.abuse.ch/url/2444693/; classtype:trojan-activity;sid:83307793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441528)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/kiddions_menu/downloads/kiddions_menu.rar"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_02; reference:url, urlhaus.abuse.ch/url/2441528/; classtype:trojan-activity;sid:83304628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441027)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/idr/v3/pub/idrb5event.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"update.itopvpn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_12_01; reference:url, urlhaus.abuse.ch/url/2441027/; classtype:trojan-activity;sid:83304127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2439091)"; flow:established,from_client; content:"GET"; http_method; content:"/pavelalekseev11/346346/downloads/socks5-clean.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2439091/; classtype:trojan-activity;sid:83302191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2435505)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/gtaaaaa/downloads/kiddions_menu.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_28; reference:url, urlhaus.abuse.ch/url/2435505/; classtype:trojan-activity;sid:83298605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2433701)"; flow:established,from_client; content:"GET"; http_method; content:"/slack-files/windows/downloads/siacksetupwin.iso"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_26; reference:url, urlhaus.abuse.ch/url/2433701/; classtype:trojan-activity;sid:83296801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2433294)"; flow:established,from_client; content:"GET"; http_method; content:"/upd/loaderavx.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"updates.ultimate-fakkers.co.network"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2022_11_26; reference:url, urlhaus.abuse.ch/url/2433294/; classtype:trojan-activity;sid:83296394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2423598)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2423598/; classtype:trojan-activity;sid:83286698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414734)"; flow:established,from_client; content:"GET"; http_method; content:"/core"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414734/; classtype:trojan-activity;sid:83277834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414733)"; flow:established,from_client; content:"GET"; http_method; content:"/12"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414733/; classtype:trojan-activity;sid:83277833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414398)"; flow:established,from_client; content:"GET"; http_method; content:"/greeeengo/xcaseasd/downloads/%d0%a1s_g%d0%9e_ch%d0%90ng%d0%95r.rar"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414398/; classtype:trojan-activity;sid:83277498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414362)"; flow:established,from_client; content:"GET"; http_method; content:"/greeeengo/xcaseasd/downloads/sonic_frontiers_cracked.rar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414362/; classtype:trojan-activity;sid:83277462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414361)"; flow:established,from_client; content:"GET"; http_method; content:"/greeeengo/xcaseasd/downloads/g%d0%bed_of_war_ragnar%d0%bek_cr%d0%b0%d1%81k.rar"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414361/; classtype:trojan-activity;sid:83277461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414174)"; flow:established,from_client; content:"GET"; http_method; content:"/greeeengo/xcaseasd/downloads/5m_mod_menu.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414174/; classtype:trojan-activity;sid:83277274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2412427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.91.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_15; reference:url, urlhaus.abuse.ch/url/2412427/; classtype:trojan-activity;sid:83275527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408626)"; flow:established,from_client; content:"GET"; http_method; content:"/downcloud-load-ad/ads1022/downloads/afterburner.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_12; reference:url, urlhaus.abuse.ch/url/2408626/; classtype:trojan-activity;sid:83271726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2407720)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/eaeuutop/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.globallaborsupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2407720/; classtype:trojan-activity;sid:83270820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406518)"; flow:established,from_client; content:"GET"; http_method; content:"/osaka123/mahoa1/downloads/suburbanskamacite.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406518/; classtype:trojan-activity;sid:83269618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2312083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.91.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_23; reference:url, urlhaus.abuse.ch/url/2312083/; classtype:trojan-activity;sid:83175183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2303232)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.81.131.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_15; reference:url, urlhaus.abuse.ch/url/2303232/; classtype:trojan-activity;sid:83166332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301947/; classtype:trojan-activity;sid:83165047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2289762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.174.82.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_09_02; reference:url, urlhaus.abuse.ch/url/2289762/; classtype:trojan-activity;sid:83152862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2277626)"; flow:established,from_client; content:"GET"; http_method; content:"/f84nls2/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_08_25; reference:url, urlhaus.abuse.ch/url/2277626/; classtype:trojan-activity;sid:83140726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274787)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274787/; classtype:trojan-activity;sid:83137887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274783)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274783/; classtype:trojan-activity;sid:83137883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2267284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_06; reference:url, urlhaus.abuse.ch/url/2267284/; classtype:trojan-activity;sid:83130384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2261300)"; flow:established,from_client; content:"GET"; http_method; content:"/opencart/system/library/cache/.cache/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.maxmoney.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_07_26; reference:url, urlhaus.abuse.ch/url/2261300/; classtype:trojan-activity;sid:83124400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2260566)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.65.205.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_24; reference:url, urlhaus.abuse.ch/url/2260566/; classtype:trojan-activity;sid:83123666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258802)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.84.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_19; reference:url, urlhaus.abuse.ch/url/2258802/; classtype:trojan-activity;sid:83121902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.173.39.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_07; reference:url, urlhaus.abuse.ch/url/2255098/; classtype:trojan-activity;sid:83118198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253022)"; flow:established,from_client; content:"GET"; http_method; content:"/lkb2dxj3/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_07_01; reference:url, urlhaus.abuse.ch/url/2253022/; classtype:trojan-activity;sid:83116122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252729)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11mi132ptx9rjlbgex4ep7qabji8v7urn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252729/; classtype:trojan-activity;sid:83115829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2246119)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_20; reference:url, urlhaus.abuse.ch/url/2246119/; classtype:trojan-activity;sid:83109219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237418)"; flow:established,from_client; content:"GET"; http_method; content:"/system/gbh/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"airhobi.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237418/; classtype:trojan-activity;sid:83100518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2233031)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty4|3f|ddos"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_10; reference:url, urlhaus.abuse.ch/url/2233031/; classtype:trojan-activity;sid:83096131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2232167)"; flow:established,from_client; content:"GET"; http_method; content:"/images/vaj7fuqye5y9.old/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bruiserbodies.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_09; reference:url, urlhaus.abuse.ch/url/2232167/; classtype:trojan-activity;sid:83095267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2232148)"; flow:established,from_client; content:"GET"; http_method; content:"/images/vaj7fuqye5y9.bak/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bruiserbodies.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_09; reference:url, urlhaus.abuse.ch/url/2232148/; classtype:trojan-activity;sid:83095248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2211781)"; flow:established,from_client; content:"GET"; http_method; content:"/accesorios/xqp/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tecni-soft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_26; reference:url, urlhaus.abuse.ch/url/2211781/; classtype:trojan-activity;sid:83074881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2204168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.233.242.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_05_20; reference:url, urlhaus.abuse.ch/url/2204168/; classtype:trojan-activity;sid:83067268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; content:"GET"; http_method; content:"/crt/xe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pns.org.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2191248)"; flow:established,from_client; content:"GET"; http_method; content:"/application/phebceg4tx/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.ingonherbal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_05_12; reference:url, urlhaus.abuse.ch/url/2191248/; classtype:trojan-activity;sid:83054348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2186950)"; flow:established,from_client; content:"GET"; http_method; content:"/photoback"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"compan.oss-cn-hongkong.aliyuncs.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2022_05_09; reference:url, urlhaus.abuse.ch/url/2186950/; classtype:trojan-activity;sid:83050050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2160307)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/gaa/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"famesa.com.ar"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_04_22; reference:url, urlhaus.abuse.ch/url/2160307/; classtype:trojan-activity;sid:83023407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2160004)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/gaa/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"famesa.com.ar"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_04_22; reference:url, urlhaus.abuse.ch/url/2160004/; classtype:trojan-activity;sid:83023104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2150451)"; flow:established,from_client; content:"GET"; http_method; content:"/.vi"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.216.133.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_04_16; reference:url, urlhaus.abuse.ch/url/2150451/; classtype:trojan-activity;sid:83013551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2143816)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/server.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"linkvilleplayers.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_04_12; reference:url, urlhaus.abuse.ch/url/2143816/; classtype:trojan-activity;sid:83006916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2126325)"; flow:established,from_client; content:"GET"; http_method; content:"/paginamasvieja1321654/vxbzo/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"sd-1684625-h00001.ferozo.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_04_01; reference:url, urlhaus.abuse.ch/url/2126325/; classtype:trojan-activity;sid:82989425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2123445)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/yq7iksjiep9r/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sd-1093121-h00002.ferozo.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_03_30; reference:url, urlhaus.abuse.ch/url/2123445/; classtype:trojan-activity;sid:82986545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120576)"; flow:established,from_client; content:"GET"; http_method; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/|3f|i=1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"www.chemsky.tn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120576/; classtype:trojan-activity;sid:82983676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120577)"; flow:established,from_client; content:"GET"; http_method; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.chemsky.tn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120577/; classtype:trojan-activity;sid:82983677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2114972)"; flow:established,from_client; content:"GET"; http_method; content:"/paginamasvieja1321654/f1m5dbu8axuqkx0p8/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"sd-1684625-h00001.ferozo.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_03_25; reference:url, urlhaus.abuse.ch/url/2114972/; classtype:trojan-activity;sid:82978072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2113865)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty3|3f|ddos"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2113865/; classtype:trojan-activity;sid:82976965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086600)"; flow:established,from_client; content:"GET"; http_method; content:"/logfiles/u2o/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.25.223.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086600/; classtype:trojan-activity;sid:82949700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086476)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086476/; classtype:trojan-activity;sid:82949576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086449)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086449/; classtype:trojan-activity;sid:82949549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2076705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_04; reference:url, urlhaus.abuse.ch/url/2076705/; classtype:trojan-activity;sid:82939805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2066122)"; flow:established,from_client; content:"GET"; http_method; content:"/images/vin1.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"namthaibinh.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_02_28; reference:url, urlhaus.abuse.ch/url/2066122/; classtype:trojan-activity;sid:82929222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2057408)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.38.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_02_24; reference:url, urlhaus.abuse.ch/url/2057408/; classtype:trojan-activity;sid:82920508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2051389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_21; reference:url, urlhaus.abuse.ch/url/2051389/; classtype:trojan-activity;sid:82914489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003780)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003780/; classtype:trojan-activity;sid:82866880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1996626)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_21; reference:url, urlhaus.abuse.ch/url/1996626/; classtype:trojan-activity;sid:82859726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1988943)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh|3f|le0943_http"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_19; reference:url, urlhaus.abuse.ch/url/1988943/; classtype:trojan-activity;sid:82852043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1978480)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_15; reference:url, urlhaus.abuse.ch/url/1978480/; classtype:trojan-activity;sid:82841580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1961882)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_10; reference:url, urlhaus.abuse.ch/url/1961882/; classtype:trojan-activity;sid:82824982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1960874)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_09; reference:url, urlhaus.abuse.ch/url/1960874/; classtype:trojan-activity;sid:82823974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915732)"; flow:established,from_client; content:"GET"; http_method; content:"/5w/%e4%ba%94%e5%91%b3%e4%bc%a0%e5%a5%87.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"xz888.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2021_12_24; reference:url, urlhaus.abuse.ch/url/1915732/; classtype:trojan-activity;sid:82778832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915365)"; flow:established,from_client; content:"GET"; http_method; content:"/5j1ae/apmyyqsc6q3p5y/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"aosafrica.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1915365/; classtype:trojan-activity;sid:82778465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1901636)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_20; reference:url, urlhaus.abuse.ch/url/1901636/; classtype:trojan-activity;sid:82764736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1887133)"; flow:established,from_client; content:"GET"; http_method; content:"/autokey/update/autokey.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"api.52kkg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1887133/; classtype:trojan-activity;sid:82750233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1666548)"; flow:established,from_client; content:"GET"; http_method; content:"/setup/%e5%88%9d%e5%a6%86%e5%8a%a9%e6%89%8b.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"static.cz01.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_11; reference:url, urlhaus.abuse.ch/url/1666548/; classtype:trojan-activity;sid:82529648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653848)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23s"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.51.121.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653848/; classtype:trojan-activity;sid:82516948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653849)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"101.51.121.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653849/; classtype:trojan-activity;sid:82516949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safmanager/safman_setup.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.saf-oil.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506064)"; flow:established,from_client; content:"GET"; http_method; content:"/ortakmodul/nbys%20asm.net.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506064/; classtype:trojan-activity;sid:82369164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506027)"; flow:established,from_client; content:"GET"; http_method; content:"/nbys.aspx|3f|f=aile_hekimligi/nbys%20ah.net.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506027/; classtype:trojan-activity;sid:82369127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497194/; classtype:trojan-activity;sid:82360294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1459190)"; flow:established,from_client; content:"GET"; http_method; content:"/cliopmq/cluton.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"protechasia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_16; reference:url, urlhaus.abuse.ch/url/1459190/; classtype:trojan-activity;sid:82322290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1402229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_26; reference:url, urlhaus.abuse.ch/url/1402229/; classtype:trojan-activity;sid:82265329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1393270)"; flow:established,from_client; content:"GET"; http_method; content:"/downfile.asp|3f|sid=276663/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.ysbaojia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_24; reference:url, urlhaus.abuse.ch/url/1393270/; classtype:trojan-activity;sid:82256370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283230)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/xzgj/3839/%e6%85%95%e8%af%be%e7%bd%91%e8%a7%86%e9%a2%91%e8%a7%a3%e6%9e%90%e5%b7%a5%e5%85%b7_2015.exe"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"d1.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283230/; classtype:trojan-activity;sid:82146330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283186)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/wlyy/16396/jxszdjp.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"d1.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283186/; classtype:trojan-activity;sid:82146286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283187)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/wlyy/11070/%e6%9a%97%e5%b7%b7%e8%a7%86%e9%a2%91%e8%a7%a3%e6%9e%90%e5%8a%a9%e6%89%8b.exe"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"d1.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283187/; classtype:trojan-activity;sid:82146287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283183)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/aqsd/5084/%e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88.exe"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"d1.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283183/; classtype:trojan-activity;sid:82146283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1268362)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.243.216.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_22; reference:url, urlhaus.abuse.ch/url/1268362/; classtype:trojan-activity;sid:82131462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237693)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1z7qhwcozjwehksdhw-yuivac2jzwjqia"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237693/; classtype:trojan-activity;sid:82100793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1227129)"; flow:established,from_client; content:"GET"; http_method; content:"/setup/%e9%a3%9e%e8%9b%be%e5%b7%a5%e5%85%b7%e7%ae%b1.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"static.cz01.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1227129/; classtype:trojan-activity;sid:82090229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223122)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.38.241.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223122/; classtype:trojan-activity;sid:82086222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1167210)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_25; reference:url, urlhaus.abuse.ch/url/1167210/; classtype:trojan-activity;sid:82030310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1091105)"; flow:established,from_client; content:"GET"; http_method; content:"/r6x7x6rf.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"travelwithmanta.co.za"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1091105/; classtype:trojan-activity;sid:81954205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1090482)"; flow:established,from_client; content:"GET"; http_method; content:"/r6x7x6rf.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"travelwithmanta.co.za"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1090482/; classtype:trojan-activity;sid:81953582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/nemesy13.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dl.packetstormsecurity.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040535)"; flow:established,from_client; content:"GET"; http_method; content:"/agha25.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spaceframe.mobi.space-frame.co.za"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040535/; classtype:trojan-activity;sid:81903635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040097)"; flow:established,from_client; content:"GET"; http_method; content:"/rpez546n.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"test.typoten.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040097/; classtype:trojan-activity;sid:81903197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1009349)"; flow:established,from_client; content:"GET"; http_method; content:"/2017/06/radbxnzdxbd.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"360down7.miiyun.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1009349/; classtype:trojan-activity;sid:81872449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995049)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995049/; classtype:trojan-activity;sid:81858149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (986697)"; flow:established,from_client; content:"GET"; http_method; content:"/dcbl8fi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"library.arihantmbainstitute.ac.in"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_02_01; reference:url, urlhaus.abuse.ch/url/986697/; classtype:trojan-activity;sid:81849797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (946607)"; flow:established,from_client; content:"GET"; http_method; content:"/css/wwyxh5cctn/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_01_01; reference:url, urlhaus.abuse.ch/url/946607/; classtype:trojan-activity;sid:81809707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935817)"; flow:established,from_client; content:"GET"; http_method; content:"/css/bg4n3/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935817/; classtype:trojan-activity;sid:81798917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; content:"GET"; http_method; content:"/u0eukz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abissnet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (920450)"; flow:established,from_client; content:"GET"; http_method; content:"/hceioc.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"api-ms.cobainaja.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_12_15; reference:url, urlhaus.abuse.ch/url/920450/; classtype:trojan-activity;sid:81783550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; content:"GET"; http_method; content:"/v2x2vexx.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yzkzixun.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (754857)"; flow:established,from_client; content:"GET"; http_method; content:"/gfl7i3kp.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karer.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/754857/; classtype:trojan-activity;sid:81617957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723711)"; flow:established,from_client; content:"GET"; http_method; content:"/css/attachments/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723711/; classtype:trojan-activity;sid:81586811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (611407)"; flow:established,from_client; content:"GET"; http_method; content:"/css/3u/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_25; reference:url, urlhaus.abuse.ch/url/611407/; classtype:trojan-activity;sid:81474507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (598684)"; flow:established,from_client; content:"GET"; http_method; content:"/css/6qv2o2ehwzh1d/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/598684/; classtype:trojan-activity;sid:81461784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (552113)"; flow:established,from_client; content:"GET"; http_method; content:"/css/llc/fa1torcvwmvsw1ioua/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/552113/; classtype:trojan-activity;sid:81415213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (466425)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_12; reference:url, urlhaus.abuse.ch/url/466425/; classtype:trojan-activity;sid:81329525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (466312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_12; reference:url, urlhaus.abuse.ch/url/466312/; classtype:trojan-activity;sid:81329412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (463460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_11; reference:url, urlhaus.abuse.ch/url/463460/; classtype:trojan-activity;sid:81326560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (463309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_11; reference:url, urlhaus.abuse.ch/url/463309/; classtype:trojan-activity;sid:81326409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (452932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/452932/; classtype:trojan-activity;sid:81316032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (444932)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/81828115/bkxjh/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hr2019.vrcom7.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_27; reference:url, urlhaus.abuse.ch/url/444932/; classtype:trojan-activity;sid:81308032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438621)"; flow:established,from_client; content:"GET"; http_method; content:"/css/statement/sv8ah2oz31fj/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438621/; classtype:trojan-activity;sid:81301721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432815)"; flow:established,from_client; content:"GET"; http_method; content:"/css/doc/kbc9dts71991684654644570io07lx5tws9zd0q/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432815/; classtype:trojan-activity;sid:81295915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (431601)"; flow:established,from_client; content:"GET"; http_method; content:"/homegrownorlando.com/scan/5k2b2y4/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"exilum.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/431601/; classtype:trojan-activity;sid:81294701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429864)"; flow:established,from_client; content:"GET"; http_method; content:"/css/fqcfrfvwflt3/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/429864/; classtype:trojan-activity;sid:81292964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428352)"; flow:established,from_client; content:"GET"; http_method; content:"/common/yz.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yp.hnggzyjy.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428352/; classtype:trojan-activity;sid:81291452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427195)"; flow:established,from_client; content:"GET"; http_method; content:"/homegrownorlando.com/closed-section/additional-area/740331365-r4cxbyqtk/"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"exilum.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427195/; classtype:trojan-activity;sid:81290295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427189)"; flow:established,from_client; content:"GET"; http_method; content:"/css/private_module/test_cloud/z3gjv_w4zyu545ts846/"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427189/; classtype:trojan-activity;sid:81290289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421897)"; flow:established,from_client; content:"GET"; http_method; content:"/css/reporting/po3x708837819192166196fun7k976gnpv/"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421897/; classtype:trojan-activity;sid:81284997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (419853)"; flow:established,from_client; content:"GET"; http_method; content:"/homegrownorlando.com/djsv1tay8/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"exilum.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_27; reference:url, urlhaus.abuse.ch/url/419853/; classtype:trojan-activity;sid:81282953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (411798)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.110.124.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_11; reference:url, urlhaus.abuse.ch/url/411798/; classtype:trojan-activity;sid:81274898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (363653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_16; reference:url, urlhaus.abuse.ch/url/363653/; classtype:trojan-activity;sid:81226753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322467)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/jet.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322467/; classtype:trojan-activity;sid:81185567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322465)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/sunset1.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322465/; classtype:trojan-activity;sid:81185565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322462)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1/smell-the-roses.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322462/; classtype:trojan-activity;sid:81185562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (263107)"; flow:established,from_client; content:"GET"; http_method; content:"/dusers.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.53.120.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_12_03; reference:url, urlhaus.abuse.ch/url/263107/; classtype:trojan-activity;sid:81126207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242615)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.224.242.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242615/; classtype:trojan-activity;sid:81105715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (241993)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.175.138.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_09; reference:url, urlhaus.abuse.ch/url/241993/; classtype:trojan-activity;sid:81105093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240832)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.16.63.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240832/; classtype:trojan-activity;sid:81103932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.183.54.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240237/; classtype:trojan-activity;sid:81103337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.178.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/239977/; classtype:trojan-activity;sid:81103077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (215077)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/news2/v1.0.7.01/news2_01.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_07_06; reference:url, urlhaus.abuse.ch/url/215077/; classtype:trojan-activity;sid:81078177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201893)"; flow:established,from_client; content:"GET"; http_method; content:"/products/siplast/_vti_cnf/_vti_cnf.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"unicorpbrunei.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_25; reference:url, urlhaus.abuse.ch/url/201893/; classtype:trojan-activity;sid:81064993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197801)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/d/2014-06-12_djylh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197801/; classtype:trojan-activity;sid:81060901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197800)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/p/pocketrar350sc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197800/; classtype:trojan-activity;sid:81060900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195911)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/pcsupport.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_14; reference:url, urlhaus.abuse.ch/url/195911/; classtype:trojan-activity;sid:81059011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dl.1003b.56a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175859)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/swfupload/css/inf.inf"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"meeweb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175859/; classtype:trojan-activity;sid:81038959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (101043)"; flow:established,from_client; content:"GET"; http_method; content:"/employeemasterimages/qace.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"livetrack.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_01_02; reference:url, urlhaus.abuse.ch/url/101043/; classtype:trojan-activity;sid:80964143; rev:1;)
# Number of entries: 28723